昨天,即4月22日,BEC合约 (是美链公司发布的token,于今年2月上线交易) 出现重大漏洞,现已暂停交易。
BEC的合约代码:Beauty Chain 美蜜 中出现严重bug,可以通过合约的批量转账的功能,无限复制token,参考文章一行代码蒸发了¥6,447,277,680 人民币!。
详细问题,在上面的文章中已经讲得很详细,此处进行简单的总结:
function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) {
uint cnt = _receivers.length;
uint256 amount = uint256(cnt) * _value;
require(cnt > 0 && cnt <= 20);
require(_value > 0 && balances[msg.sender] >= amount);
balances[msg.sender] = balances[msg.sender].sub(amount);
for (uint i = 0; i < cnt; i++) {
balances[_receivers[i]] = balances[_receivers[i]].add(_value);
Transfer(msg.sender, _receivers[i], _value);
}
return true;
}
该功能能够接收一个地址列表,然后向每一份地址转账_value个token;
uint256 amount = uint256(cnt) * _value; 这句没有进行溢出判断,合约的代码中,其实已经实现了安全的数学算法:
library SafeMath {
function mul(uint256 a, uint256 b) internal constant returns (uint256) {
uint256 c = a * b;
assert(a == 0 || c / a == b);
return c;
}
function div(uint256 a, uint256 b) internal constant returns (uint256) {
// assert(b > 0); // Solidity automatically throws when dividing by 0
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}
function sub(uint256 a, uint256 b) internal constant returns (uint256) {
assert(b <= a);
return a - b;
}
function add(uint256 a, uint256 b) internal constant returns (uint256) {
uint256 c = a + b;
assert(c >= a);
return c;
}
}
但是,上面的乘法功能,并未使用自己实现的安全算法,从而导致bug出现;