Detailed explanation of Ethereum smart contract vulnerabilities：On-chain recurring vulnerabilities
Detailed explanation of Ethereum smart contract vulnerabilities, Welcome to follow us and discuss
Author: hzqd@lunaray security team
0x01 On-chain test preparation
If you are doing on-chain testing related content for the first time, some preparation is required.
Open MetaMask Wallet
For on-chain testing, you must have a wallet first. We can go to: https://metamask.io to download the wallet. It is recommended to use a browser plug-in because it is more convenient for us to communicate with remix. Follow the registration prompts to complete the creation of the default account.
Receive the test coins
You can go to https://faucet.paradigm.xyz to receive test coins:
Connect to test network
After receiving the money, you will find that the account balance has not changed. This is because we are not connected to the test network.
Wallet => Settings => Advanced => Show Test Network, turn on the switch; then select the test network in the network selection list.
0x02 On-chain vulnerability recurrence
Vulnerable contract preparation:
First, copy-paste the BEC contract with the vulnerability:
into the remix editor. After compiling, deploy the contract with the first account:
Create a new account and claim test coins (hacker account)
After the deployment is successful, we create three new accounts (as shown in the figure below), then use the method mentioned above to receive test coins for one of the accounts, and then establish communication with remix.
To establish communication between the new account and remix, you only need to switch accounts in the wallet (click Account 2 in the picture above).
Since the vulnerability is sending money to multiple addresses, we will just prepare two new empty accounts as addresses to receive funds:
Paste them into two double quotation marks in the following format of batchTransfer of the deployment contract, you can：
Because the 256th power of 2 overflows, we calculate 2 to the 255th power: (The following figure shows the calculation code of the Kotlin programming language)
You can execute this code on the https://play.kotlinlang.org website to see the results.printout:
This value multiplied by 2 (the number of accounts) just overflowed, and the value was 0, which passed the verification of the transfer amount — I have so much money, I can transfer!
After we switch to Account 2, we can launch an attack:
View on-chain transaction information
After completing the attack, we check whether the transfer is successful, the URL is:
https://kovan.etherscan.io/address/ write to your attack account address here
Then click the link of Txn Hash, you can see the details of the transaction:
If Status: Success appears, the transfer is successful!
Inquiry to account
Although the transaction information shows that it is successful, why is our balance still unchanged?
This is because the contract issues BEC tokens, and we need to add the address of the contract to the wallet:
Then copy the address of the contract to:
You can see the money! Well, it’s the money on the test chain:
When the vulnerability is reproduced on the chain, it is necessary to clarify the type of the chain and the associated wallet. After that, by collecting test coins, deploying contracts, and initiating transactions, the test of smart contracts on the chain is realized.