Analysis on the recharge "f

Author: 荆凯_EOS42 | Source: published 2018-10-15 23:16, read 37 times

by: SlowMist Security Team

1. The mechanism of the vulnerability

In an EOS smart contract, a contract can pass an action notification on to another contract via the function require_recipient. This design gives contract developers great convenience, but at the same time it brings a new problem: the notified contract receives the original action (with its original code, from and to fields) even though the tokens were never sent to it.

Let's take the attack on the EOSBet DApp as an example:

image

2. Replaying the vulnerability

1. Create a normal account for the attacker: aaaaaa

2. Create a contract account for the attacker: cccccc, and deploy the smart contract used for the attack

image

3. Target account of the attack: eosbetdice11

We modify the official open-source code by adding print statements to watch the call process:

image

4. Start the attack

Transfer from the attacker's normal account aaaaaa to the malicious contract account cccccc:

image

From the messages in the console, we can see that the transfer handler of eosbetdice11 is successfully invoked, even though the tokens went to cccccc:

image

3. Repair plan

Add a check to ensure that the `to` field of the incoming transfer is equal to `_self` in the transfer handler, so that a notification forwarded by a third-party contract is rejected and this specific problem is avoided. If you have any questions, please contact us for help.
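To make the mechanism from sections 1 and 2 and the repair from section 3 concrete, here is an added C++ model. It is not SlowMist's or EOSBet's code and it does not use the eosio runtime: the `Action`, `Chain` and `DiceContract` types, the `credited_deposits` function and the transfer payload are this example's own stand-ins for eosio::name, eosio::asset, require_recipient and the apply() dispatcher, chosen so that the file compiles with any C++11 compiler. The account names aaaaaa, cccccc and eosbetdice11 are those used in the write-up. The model replays the forwarded notification once against a handler without the `to == _self` check and once against the repaired handler, and also shows that a genuine deposit still passes the repaired check.

```cpp
// Added example: self-contained model of the EOS notification chain and of the
// "to == _self" repair. Not eosio code; all types here are stand-ins.
#include <functional>
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// One action as every notified contract sees it: the account whose contract
// defines the action (code), the action name, and the transfer payload.
// Forwarding a notification with require_recipient leaves all of these unchanged.
struct Action {
    std::string code;      // e.g. "eosio.token"
    std::string name;      // e.g. "transfer"
    std::string from;
    std::string to;
    std::string quantity;  // kept as text; the real type is eosio::asset
    std::string memo;
};

// Minimal stand-in for the chain's notification dispatch (an assumption of this
// model): a handler receives a notification and may ask for the same action to
// be delivered to further accounts.
class Chain {
public:
    using Handler = std::function<void(Chain&, const std::string& self, const Action&)>;

    void deploy(const std::string& account, Handler h) { contracts_[account] = std::move(h); }

    // Deliver `act` to `receiver`'s contract, if it has one.
    void notify(const std::string& receiver, const Action& act) {
        auto it = contracts_.find(receiver);
        if (it != contracts_.end()) it->second(*this, receiver, act);
    }

    // Models eosio's require_recipient(): re-delivers the current action,
    // with its original code/from/to, to another account.
    void require_recipient(const std::string& account, const Action& act) { notify(account, act); }

private:
    std::map<std::string, Handler> contracts_;
};

// Deposit handler of the dice contract (constructed stand-in for eosbetdice11).
// check_to_self == false reproduces the flaw: the handler verifies that the
// action is eosio.token::transfer but never that the tokens were sent to itself.
struct DiceContract {
    bool check_to_self;
    std::vector<std::string> bets;   // credited deposits (constructed record)

    void on_transfer(const std::string& self, const Action& act) {
        if (act.code != "eosio.token" || act.name != "transfer") return;  // apply() filter
        if (act.from == self) return;                                     // our own payout
        // The repair from the write-up: require to == _self. In an eosio
        // contract this is an eosio_assert/check; here a throw stands in for
        // the aborted transaction.
        if (check_to_self && act.to != self)
            throw std::runtime_error("transfer is not addressed to this contract");
        bets.push_back(act.from + " " + act.quantity + " " + act.memo);
    }
};

// Runs one scenario and returns how many deposits the dice contract credited.
// forward_via_cccccc chooses between a genuine deposit (aaaaaa -> eosbetdice11)
// and the replay from section 2: aaaaaa pays cccccc, whose contract forwards
// the eosio.token notification to eosbetdice11.
int credited_deposits(bool repaired, bool forward_via_cccccc) {
    Chain chain;
    DiceContract dice{repaired, {}};
    chain.deploy("eosbetdice11", [&dice](Chain&, const std::string& self, const Action& act) {
        try { dice.on_transfer(self, act); }
        catch (const std::runtime_error&) { /* on the real chain the whole transaction fails */ }
    });
    chain.deploy("cccccc", [](Chain& c, const std::string&, const Action& act) {
        c.require_recipient("eosbetdice11", act);   // the forwarding described in section 1
    });
    const std::string to = forward_via_cccccc ? "cccccc" : "eosbetdice11";
    Action act{"eosio.token", "transfer", "aaaaaa", to, "1.0000 EOS", "bet"};
    chain.notify(to, act);   // eosio.token notifies the recipient of a transfer
    return static_cast<int>(dice.bets.size());
}

int main() {
    std::cout << "forwarded notification, vulnerable handler: " << credited_deposits(false, true) << "\n"
              << "forwarded notification, repaired handler:   " << credited_deposits(true, true) << "\n"
              << "genuine deposit, repaired handler:          " << credited_deposits(true, false) << "\n";
    return 0;
}
```

The point the model makes is that the `code == eosio.token && action == transfer` filter is not enough on its own: a forwarded notification carries exactly the same code and action name as a real deposit, and only the `to` field tells the contract whether it actually received the tokens.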

image

SlowMist Media Channel

Telegram

https://t.me/slowmistteam

Twitter

https://twitter.com/@slowmist_team

Medium

https://medium.com/@slowmist

Article link: https://www.haomeiwen.com/subject/fioqzftx.html