
Analysis of the Parity Multi-Signature Contract Vulnerability

After the incident last night, I read the security advisory: https://paritytech.io/blog/security-alert.html

After analyzing the contract code (https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4#code), I found that the vulnerability is caused by the following code segment:

    // constructor - just pass on the owner array to the multiowned and
    // the limit to daylimit
    function initWallet(address[] _owners, uint _required, uint _daylimit) only_uninitialized {
        initDaylimit(_daylimit);
        initMultiowned(_owners, _required);
    }

    // constructor is given number of sigs required to do protected "onlymanyowners" transactions
    // as well as the selection of addresses capable of confirming them.
    function initMultiowned(address[] _owners, uint _required) only_uninitialized {
        m_numOwners = _owners.length + 1;
        m_owners[1] = uint(msg.sender);
        m_ownerIndex[uint(msg.sender)] = 1;
        for (uint i = 0; i < _owners.length; ++i) {
            m_owners[2 + i] = uint(_owners[i]);
            m_ownerIndex[uint(_owners[i])] = 2 + i;
        }
        m_required = _required;
    }

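This function assumes that the creator will call initWallet, but initWallet performs no authorization at all: anyone can become an owner and can then call the kill function to destroy the contract itself.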

    // kills the contract sending everything to `_to`.
    function kill(address _to) onlymanyowners(sha3(msg.data)) external {
        suicide(_to);
    }

After the self-destruct, the only function that can still be used is:

    // gets called when no other function matches
    function() payable {
        // just being sent some cash?
        if (msg.value > 0)
            Deposit(msg.sender, msg.value);
    }
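One way to close this gap, as an added example that is not code from the original page or from Parity: owner setup runs inside the constructor and the init function is `internal`, so no later caller can claim ownership, and no `kill` is exposed. It assumes a standalone deployment and a current Solidity compiler (0.8.x); the contract name `HardenedMultiowned` and the error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Parity's code: owner setup that cannot be left open.
contract HardenedMultiowned {
    uint256 public m_required;
    uint256 public m_numOwners;
    mapping(address => uint256) public m_ownerIndex; // 0 means "not an owner"
    bool private m_initialized;

    event Deposit(address indexed from, uint256 value);
    error AlreadyInitialized();
    error InvalidOwners();

    modifier only_uninitialized() {
        if (m_initialized) revert AlreadyInitialized();
        _;
    }

    // Initialization happens in the deployment transaction itself, so there
    // is no window in which a later caller can run the setup first.
    constructor(address[] memory _owners, uint256 _required) {
        initMultiowned(_owners, _required);
    }

    // internal: not part of the public ABI, so an arbitrary account cannot
    // call it the way the page describes for initWallet.
    function initMultiowned(address[] memory _owners, uint256 _required)
        internal
        only_uninitialized
    {
        if (_required == 0 || _required > _owners.length + 1) revert InvalidOwners();
        m_initialized = true;
        m_ownerIndex[msg.sender] = 1; // the deployer is owner 1, as in the original
        for (uint256 i = 0; i < _owners.length; ++i) {
            address owner = _owners[i];
            // reject the zero address and duplicates (including the deployer)
            if (owner == address(0) || m_ownerIndex[owner] != 0) revert InvalidOwners();
            m_ownerIndex[owner] = 2 + i;
        }
        m_numOwners = _owners.length + 1;
        m_required = _required;
    }

    // Plain deposits stay possible; no kill()/selfdestruct is exposed.
    receive() external payable {
        if (msg.value > 0) emit Deposit(msg.sender, msg.value);
    }
}
```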

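Parity is the ETH client I currently use. It is fast and pleasant to use, but there is zero tolerance for security problems, and it is quite shocking to see a security incident like this.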

