简书向大家分享了parity多签名合约漏洞分析,其中包含parity多签名合约漏洞等知识点,遇到此问题的同学们可以参考下
昨晚出事后看了安全公告:https://paritytech.io/blog/security-alert.html
分析合约代码后:https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4#code
发现漏洞由如下代码段引起:
// constructor - just pass on the owner array to the multiowned and // the limit to daylimit function initWallet(address[] _owners, uint _required, uint _daylimit) only_uninitialized { initDaylimit(_daylimit); initMultiowned(_owners, _required); } // constructor is given number of sigs required to do protected "onlymanyowners" transactions // as well as the selection of addresses capable of confirming them. function initMultiowned(address[] _owners, uint _required) only_uninitialized { m_numOwners = _owners.length + 1; m_owners[1] = uint(msg.sender); m_ownerIndex[uint(msg.sender)] = 1; for (uint i = 0; i < _owners.length; ++i) { m_owners[2 + i] = uint(_owners[i]); m_ownerIndex[uint(_owners[i])] = 2 + i; } m_required = _required; } |
这个函数假定创建者会调用initWallet函数,但是initWallet根本没有任何鉴权,任何人都可以成为owner,然后就可以调用kill函数杀死合约自身。
// kills the contract sending everything to `_to`. function kill(address _to) onlymanyowners(sha3(msg.data)) external { suicide(_to); } |
自杀之后,唯一可以用的函数只有
// gets called when no other function matches function() payable { // just being sent some cash? if (msg.value > 0) Deposit(msg.sender, msg.value); }