Smart Contract Security: Integer Overflow (SW101-IntegerOverflowAndUnderflow)
2022-08-06 02:36:00 【Johnathan】
Attack name
Integer overflow (overflow and underflow)
Attack classification: CWE-682
Incorrect Calculation
Attack description
An overflow occurs when an arithmetic operation exceeds the maximum or drops below the minimum value of its type. For example, a uint8 can only hold values in the range 0 to 2^8-1; when an operation tries to produce a value outside the range that type can represent, an integer overflow (or underflow) occurs and the result wraps around instead of failing.
Contract example
Subtraction underflow, addition overflow and multiplication overflow

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.6.10;

// Deliberately vulnerable: before Solidity 0.8, uint8 arithmetic silently wraps modulo 2**8.
contract Overflow {
    uint8 public count = 1;

    function set(uint8 _count) public {
        count = _count;
    }

    // 1 - 2 does not revert; it wraps to 255
    function sub(uint8 input) public {
        count -= input;
    }

    // 255 * input wraps, e.g. 255 * 2 = 510 becomes 254
    function mul(uint8 input) public {
        count = 255;
        count *= input;
    }

    // 255 + input wraps, e.g. 255 + 1 becomes 0
    function add(uint8 input) public {
        count = 255;
        count += input;
    }
}
```

Call sub, mul and add in turn and you will find that the stored count does not match the result you would expect from ordinary arithmetic.
Mitigation
Check that each arithmetic result is consistent with what the operation should produce, and revert the transaction when it is not.
```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.6.10; // pragma added so the snippet compiles stand-alone, same version as above

contract FixOverflow {
    uint8 public count = 1;

    function set(uint8 _count) public {
        count = _count;
    }

    function sub(uint8 input) public {
        count = sub(count, input);
    }

    function mul(uint8 input) public {
        count = mul(count, input);
    }

    function add(uint8 input) public {
        count = 255;
        count = add(count, input);
    }

    // Underflow is impossible once b <= a is established
    function sub(uint8 a, uint8 b) internal pure returns (uint8) {
        require(b <= a, "Underflow!");
        return a - b;
    }

    // If the sum wrapped, it is smaller than the first operand
    function add(uint8 a, uint8 b) internal pure returns (uint8) {
        uint8 c = a + b;
        require(c >= a, "Overflow!");
        return c;
    }

    // If the product wrapped, dividing it back by a no longer yields b
    function mul(uint8 a, uint8 b) internal pure returns (uint8) {
        if (a == 0) {
            return 0;
        }
        uint8 c = a * b;
        require(c / a == b, "Overflow!");
        return c;
    }
}
```

Or use the OpenZeppelin math library directly.
```solidity
pragma solidity ^0.8.0;
// [Remix environment]
// Note: from Solidity 0.8.0 on, arithmetic is checked by default and reverts on overflow,
// so SafeMath here mainly adds the custom revert message. SafeMath was removed in
// OpenZeppelin Contracts 5.x; pin a 4.x tag in the import path if master no longer has it.
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/math/SafeMath.sol";

contract FixedOverflow {
    uint256 public count = 1;

    function set(uint256 _count) public {
        count = _count;
    }

    function sub(uint256 input) public {
        count = SafeMath.sub(count, input, "Overflow!");
    }

    function mul(uint256 input) public {
        count = 2**256 - 1;
        count = SafeMath.mul(count, input);
    }

    function add(uint256 input) public {
        count = 2**256 - 1;
        count = SafeMath.add(count, input);
    }
}
```