1. 链一财经首页
  2. 资讯

parity多签名合约漏洞分析

昨晚出事后看了安全公告:https://paritytech.io/blog/security-alert.html

分析合约代码后:https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4#code

parity多签名合约漏洞分析

发现漏洞由如下代码段引起:

// constructor – just pass on the owner array to the multiowned and
// the limit to daylimit
function initWallet(address[] _owners, uint _required, uint _daylimit) only_uninitialized {
initDaylimit(_daylimit);
initMultiowned(_owners, _required);
}

// constructor is given number of sigs required to do protected “onlymanyowners” transactions
// as well as the selection of addresses capable of confirming them.
function initMultiowned(address[] _owners, uint _required) only_uninitialized {
m_numOwners = _owners.length + 1;
m_owners[1] = uint(msg.sender);
m_ownerIndex[uint(msg.sender)] = 1;
for (uint i = 0; i < _owners.length; ++i)
{
m_owners[2 + i] = uint(_owners[i]);
m_ownerIndex[uint(_owners[i])] = 2 + i;
}
m_required = _required;
}

这个函数假定创建者会调用initWallet函数,但是initWallet根本没有任何鉴权,任何人都可以成为owner,然后就可以调用kill函数杀死合约自身。

// kills the contract sending everything to `_to`.
function kill(address _to) onlymanyowners(sha3(msg.data)) external {
suicide(_to);
}

自杀之后,唯一可以用的函数只有

// gets called when no other function matches
function() payable {
// just being sent some cash?
if (msg.value > 0)
Deposit(msg.sender, msg.value);
}

parity是我现在用的eth客户端,速度快,体验好,然而安全问题是0容忍的,出现安全事故也是挺震惊的。

作者:菠菜philsong
原文载于:http://www.jianshu.com/p/8b13024bc430

根据国家《关于防范代币发行融资风险的公告》,大家应警惕代币发行融资与交易的风险隐患。

本文来自LIANYI转载,不代表链一财经立场,转载请联系原作者。

发表评论

登录后才能评论

联系我们

微信:kkyves

邮件:kefu@lianyi.com

时间:7x24,节假日bu休息

QR code