Solidity smart contract audit

I have some Solidity code to audit, like this:

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

// Allow to split the balance through complex rules
interface Split{
    function getAddressAndAmountToSplit() view external returns(address, uint);
}

// MyBank contract
// This contract allows anyone to store any ERC20 tokens
contract MyBank {
    // (token => user => amount)
    mapping (address => mapping(address => uint)) public userBalance;

    // (address => Split contract)
    mapping (address => Split) splits;

    // Deposit ERC20 tokens to the contracts
    // The user must approve the bank before calling addToBalance
    function addToBalance(IERC20 token, uint amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        userBalance[address(token)][msg.sender] += amount;
    }

    // Withdraw part of the balance
    function withdrawBalance(IERC20 token) external {
        token.transfer(msg.sender, userBalance[address(token)][msg.sender]);
        userBalance[address(token)][msg.sender] = 0;
    }

    // Allow to register a split contract
    function registerSplit(Split split) external {
        splits[msg.sender] = split;
    }

    // Split the balance into two accounts
    // The usage of a Split contract allows to create complex split strategies
    function splitBalance(IERC20 token) external {
        Split split = splits[msg.sender];
        require(split != Split(address(0x0)));
        uint balance = userBalance[address(token)][msg.sender];
        (address dest, uint amount) = Split(split).getAddressAndAmountToSplit();
        userBalance[address(token)][dest] = amount;
        userBalance[address(token)][msg.sender] = balance - amount;
    }
}

What I found:

  1. function withdrawBalance(IERC20 token) external: possible reentrancy attack, because we check the balance at the end
  2. function splitBalance(IERC20 token) external: vulnerable business logic, because if amount is greater than balance we get a negative value and a possible integer overflow

If you have any idea of possible vulnerabilities in the code above, please feel free to provide any further assistance.

Probably a bit late, but if anyone reads this, here is why I think these aren't vulnerabilities. First of all, there are no reentrancy attacks possible here, due to the fact that the transfer function only forwards 2300 gas, which is not enough to execute something meaningful.

Secondly, it's possible to add a require check if balance is bigger than the amount. But since the contract is using a compiler version later than or equal to 0.8.0, if amount is indeed bigger than balance, it will automatically revert due to underflow.

I think as a smart contract auditor, you should know these better.
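An added example, not part of the original question or answer: the two functions discussed above rewritten defensively, with state updated before the external token call in withdrawBalance and an explicit amount check in splitBalance. The contract name MyBankHardened and the revert strings are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

interface Split {
    function getAddressAndAmountToSplit() external view returns (address, uint);
}

// MyBankHardened is a hypothetical name; storage matches the posted MyBank.
contract MyBankHardened {
    mapping(address => mapping(address => uint)) public userBalance;
    mapping(address => Split) splits;

    // Unchanged from the post.
    function addToBalance(IERC20 token, uint amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        userBalance[address(token)][msg.sender] += amount;
    }

    // Unchanged from the post.
    function registerSplit(Split split) external {
        splits[msg.sender] = split;
    }

    // Checks-effects-interactions: `token` is a caller-supplied contract and
    // IERC20.transfer is an ordinary external call (the 2300-gas stipend
    // applies only to native address.transfer/send), so the balance is
    // zeroed before control leaves this contract.
    function withdrawBalance(IERC20 token) external {
        uint amount = userBalance[address(token)][msg.sender];
        userBalance[address(token)][msg.sender] = 0;
        // With the balance already cleared, a token that returns false
        // instead of reverting must not be treated as a successful payout.
        require(token.transfer(msg.sender, amount), "transfer failed");
    }

    // Solidity >= 0.8.0 already reverts on `balance - amount` underflow;
    // the explicit require states the rule and gives a readable reason.
    function splitBalance(IERC20 token) external {
        Split split = splits[msg.sender];
        require(address(split) != address(0), "no split registered");
        (address dest, uint amount) = split.getAddressAndAmountToSplit();
        uint balance = userBalance[address(token)][msg.sender];
        require(amount <= balance, "split exceeds balance");
        userBalance[address(token)][msg.sender] = balance - amount;
        // Credits dest with +=; the posted code assigns with =, which
        // replaces whatever balance dest already holds.
        userBalance[address(token)][dest] += amount;
    }
}
```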
