一、BEC介绍

BEC币全称Beauty Chain,BEC币中文名美币,上线OKEx等交易平台。BEC是世界上第一个专注于美容生态系统的区块链平台。这是一个基于Beauty Chain的创新开放平台,吸引并汇集了美容行业的上游和下游应用。美容生态系统硬币(BEC币)是生态系统中使用的令牌,可作为用户,工作人员,应用程序开发人员以及上游和下游公司的激励。

2018年2月,美链(BEC)上线OKEX,发行70亿代币,市值一度突破280亿美金。该项目宣称打造“全球第一个基于区块链技术打造的美丽生态链平台”。然而在4月22日,由于BEC爆出严重漏洞,OKEx发布最新公告称,暂停BEC交易和提现。

之后BEC的市值受到了严重影响。

在这里,我们不对漏洞发生之后的经济影响进行分析,而是将重点放在漏洞本身。本文将从以下三方面对BEC进行详细的介绍:BEC事件、BEC源代码解析、BEC漏洞解析以及测试部署。

经过本文的分析后,读者能够在本地部署真实的代币合约,并对漏洞进行复现和利用测试。希望本文能够帮助读者更好地理解漏洞原理,并为今后安全的区块链开发提供帮助。

作为一款占有一定市值并且有一定汇率的网络代币,相关合约开发人员在编写以太坊合约的时候需要更加注重细节上的安全性。由于以太坊的机制问题,上传到区块链的代码是无法被二次修改的,所以有时一次疏忽就意味着项目的被迫中止。此外,由于区块链的匿名特性,倘若合约被黑客攻陷,存在于合约中的代币就会受到相应的影响,从而导致市值蒸发等问题。下面我们就来分析BEC代币合约是如何运作的、其漏洞是如何产生的,以及我们如何对该攻击进行复现。

二、代码详解

1 代码部分

要弄清漏洞的成因,我们首先需要了解代币的运行机制。在这里,我们通过阅读代码的方式对合约进行分析。下面是合约代码:(以太坊合约地址:https://etherscan.io/address/0xc5d105e63711398af9bbff092d4b6769c82f793d)

pragma solidity ^0.4.16;

/**
 * @title SafeMath
 * @dev Checked arithmetic for uint256. Every helper aborts through assert()
 *      rather than handing back a wrapped (overflowed/underflowed) result.
 *
 * Security note: under this file's pragma (Solidity 0.4.x) the native
 * operators wrap silently, so these checks protect only the call sites that
 * actually go through the library. A raw `a * b` or `a + b` written elsewhere
 * in a contract remains unchecked.
 */
library SafeMath {
  /**
   * @dev Multiplies a by b and aborts if the product does not fit in uint256.
   * @return The exact product a * b.
   */
  function mul(uint256 a, uint256 b) internal constant returns (uint256) {
    // Zero times anything is zero; returning early also keeps the
    // divide-back check below away from a zero divisor.
    if (a == 0) {
      return 0;
    }
    uint256 product = a * b;
    // If the multiplication wrapped, dividing back by `a` cannot give `b`.
    assert(product / a == b);
    return product;
  }

  /**
   * @dev Integer division a / b (truncating).
   * @return The quotient.
   */
  function div(uint256 a, uint256 b) internal constant returns (uint256) {
    // No explicit guard here: as the original author notes, Solidity itself
    // throws on division by zero, and a == b * q + a % b always holds.
    uint256 quotient = a / b;
    return quotient;
  }

  /**
   * @dev Subtracts b from a and aborts if that would go below zero.
   * @return The difference a - b.
   */
  function sub(uint256 a, uint256 b) internal constant returns (uint256) {
    // Underflow guard: the subtrahend may not exceed the minuend.
    assert(a >= b);
    uint256 difference = a - b;
    return difference;
  }

  /**
   * @dev Adds a and b and aborts if the sum does not fit in uint256.
   * @return The exact sum a + b.
   */
  function add(uint256 a, uint256 b) internal constant returns (uint256) {
    uint256 total = a + b;
    // A wrapped sum is always smaller than the first operand.
    assert(a <= total);
    return total;
  }
}

/**
 * @title ERC20Basic
 * @dev Simpler version of ERC20 interface: it declares only the supply field,
 *      a balance lookup and a direct transfer. The allowance-related functions
 *      are declared separately in the ERC20 contract.
 * @dev see https://github.com/ethereum/EIPs/issues/179
 */
contract ERC20Basic {
  // Supply field; `public` makes the compiler generate a read-only getter.
  uint256 public totalSupply;
  // Declared without a body: the implementing contract supplies the lookup
  // of the balance recorded for `who`.
  function balanceOf(address who) public constant returns (uint256);
  // Declared without a body: the implementing contract moves `value` tokens
  // from the caller to `to` and reports success as a bool.
  function transfer(address to, uint256 value) public returns (bool);
  // Log entry for token movements; `from` and `to` are indexed so that
  // off-chain consumers can filter on either address.
  event Transfer(address indexed from, address indexed to, uint256 value);
}

/**
 * @title Basic token
 * @dev Balance bookkeeping and direct transfers only; allowances are added by
 *      StandardToken. All balance arithmetic here is routed through SafeMath.
 */
contract BasicToken is ERC20Basic {
  using SafeMath for uint256;

  // Per-address token balances; no visibility keyword is given in the source.
  mapping(address => uint256) balances;

  /**
  * @dev Moves tokens from the caller to `_to`.
  * @param _to The address to transfer to; the zero address is rejected.
  * @param _value The amount to be transferred; must be non-zero and no more
  *        than the caller's balance.
  * @return true on success (every failure path aborts instead).
  */
  function transfer(address _to, uint256 _value) public returns (bool) {
    require(_to != address(0));

    // NOTE(review): EIP-20 says zero-value transfers must be treated as
    // normal transfers; this contract rejects them, which integrators
    // should be aware of.
    require(_value > 0);

    uint256 senderBalance = balances[msg.sender];
    require(_value <= senderBalance);

    // The debit is written before the credit is read, so a self-transfer
    // leaves the balance unchanged. SafeMath.sub re-checks the bound above.
    balances[msg.sender] = senderBalance.sub(_value);
    balances[_to] = balances[_to].add(_value);

    Transfer(msg.sender, _to, _value);
    return true;
  }

  /**
  * @dev Looks up the balance recorded for an address.
  * @param _owner The address to query the balance of.
  * @return An uint256 representing the amount owned by the passed address.
  */
  function balanceOf(address _owner) public constant returns (uint256 balance) {
    // Assign to the named return value; it is returned implicitly.
    balance = balances[_owner];
  }
}

/**
 * @title ERC20 interface
 * @dev Extends ERC20Basic with the allowance functions (allowance,
 *      transferFrom, approve) and the Approval event. Declarations only; the
 *      bodies are supplied by the implementing contract.
 * @dev see https://github.com/ethereum/EIPs/issues/20
 */
contract ERC20 is ERC20Basic {
  // Read-only query taking an owner and a spender address.
  function allowance(address owner, address spender) public constant returns (uint256);
  // Transfer of `value` from `from` to `to`, initiated by a third party (the caller).
  function transferFrom(address from, address to, uint256 value) public returns (bool);
  // Sets what `spender` may spend on the caller's behalf. The implementation's
  // own documentation warns that changing an existing allowance is exposed to
  // a transaction-ordering race (old and new allowance may both be used).
  function approve(address spender, uint256 value) public returns (bool);
  // Log entry for allowance changes; both addresses are indexed for filtering.
  event Approval(address indexed owner, address indexed spender, uint256 value);
}


/**
 * @title Standard ERC20 token
 *
 * @dev Implementation of the basic standard token.
 * @dev https://github.com/ethereum/EIPs/issues/20
 * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
 */
contract StandardToken is ERC20, BasicToken {

  mapping (address => mapping (address => uint256)) internal allowed;


  /**
   * @dev Transfer tokens from one address to another
   * @param _from address The address which you want to send tokens from
   * @param _to address The address which you want to transfer to
   * @param _value uint256 the amount of tokens to be transferred
   */

  function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
    // Every precondition is checked before any storage write: non-zero
    // recipient, non-zero amount, enough balance at the source, and enough
    // allowance granted to the caller.
    require(_to != address(0));
    require(_value > 0);

    uint256 sourceBalance = balances[_from];
    require(_value <= sourceBalance);

    uint256 remainingAllowance = allowed[_from][msg.sender];
    require(_value <= remainingAllowance);

    // Debit first, then credit; the credit re-reads storage, so the case
    // _from == _to nets out to an unchanged balance.
    balances[_from] = sourceBalance.sub(_value);
    balances[_to] = balances[_to].add(_value);

    // Consume the caller's allowance; SafeMath.sub re-checks the bound above.
    allowed[_from][msg.sender] = remainingAllowance.sub(_value);

    Transfer(_from, _to, _value);
    return true;
  }

  /**
   * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
   *
   * Beware that changing an allowance with this method brings the risk that someone may use both the old
   * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
   * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
   * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
   * @param _spender The address which will spend the funds.
   * @param _value The amount of tokens to be spent.
   */
  function approve(address _spender, uint256 _value) public returns (bool) {
    allowed[msg.sender][_spender] = _value;
    Approval(msg.sender, _spender, _value);