Security issues
1. Possible errors
Smart Contract termination
Limit transfer Limit rate
Effective ways to fix and improve bugs
2. Careful release of smart contracts
Thoroughly test the smart contracts and stop any new attack tactics when they are discovered
Bounty Programs and audit contracts
3. Introduction to the contract
Make Smart contract Logic simple
Ensure the modularity of contracts and functions
4. Keep up to date
Fix before any newly discovered vulnerabilities
Take advantage of the latest technology
5. Potential features
Functions with the same name may be called
Loopholes
Overflow vulnerability
typedef struct ACNTS {
Account_name NAME0;
Account_name name1;
Account_name name2;
Account_name Name3;
} account_names;
void transfer (Symbol_name symbol, account_name from, Account_names to, uint64_t balance)
{
Require_auth (from);
Account Fromaccount;
require_recipient(from);require_recipient(to.name0);require_recipient(to.name1);require_recipient(to.name2);require_recipient(to.name3);eosio_assert(is_balance_within_range(balance), "invalid balance");eosio_assert(balance > 0, "must transfer positive balance");uint64_t amount = balance * 4; //乘法溢出int itr = db_find_i64(_self, symbol, N(table), from);eosio_assert(itr >= 0, "Sub-- wrong name");db_get_i64(itr, &fromaccount, (account));eosio_assert(fromaccount.balance >= amount, "overdrawn balance");sub_balance(symbol, from, amount);add_balance(symbol, to.name0, balance);add_balance(symbol, to.name1, balance);add_balance(symbol, to.name2, balance);add_balance(symbol, to.name3, balance);
}
Prompt to use Assert to check instead of putting balance into operation
Permission check
Strictly determine whether the entry function and the actual call make the same
void Token::transfer (account_name from,
Account_name to,
Asset Quantity,
String memo)
{
Eosio_assert (from! = To, "Cannot transfer to self");
Eosio_assert (Is_account), "to account does not exist");
Auto sym = Quantity.symbol.name ();
Stats statstable (_self, sym);
Const auto& st = Statstable.get (sym);
require_recipient( from );require_recipient( to );eosio_assert( quantity.is_valid(), "invalid quantity" );eosio_assert( quantity.amount > 0, "must transfer positive quantity" );eosio_assert( quantity.symbol == st.supply.symbol, "symbol precision mismatch" );eosio_assert( memo.size() <= 256, "memo has more than 256 bytes" );auto payer = has_auth( to ) ? to : from;sub_balance( from, quantity );add_balance( to, quantity, payer );
}
Tip: Verify that the asset transfer account is consistent with the calling account
Ensure that each action and code satisfies the associated requirements
Extend from Eosio_abi
Define EOSIO_ABI_EX (TYPE, members) extern "C" {void apply (uint64_t receiver, uint64_t code, uint64_t action) {Auto S Elf = receiver; if (action = = N (onerror)) {/* onerror is only valid if it's for the "Eosio" code account and authorized by "Eosio" ' s "ac tive permission
/eosio_assert (Code = = N (Eosio), "onerror action" is only valid from the "Eosio" System Account ");} if (code = = Self | | code = = N (eosio.token) | | action = n (onerror)) {TYPE thiscontract (self); switch (action) {Eosio _api (TYPE, members)}/Does not allow destructor of Thiscontract to Run:eosio_exit (0); */ } } }
EOSIO_ABI_EX (eosio::charity, (HI) (transfer))
Tip: Key Checks
Related articles:
Analysis of Eosbet stolen event contract
Stolen contract is under attack code
Problematic contract Code
Extend from Eosio_abi, because we need to listen to incoming Eosio.token transfers
Define EOSIO_ABI_EX (TYPE, members) extern "C" {void apply (uint64_t receiver, uint64_t code, uint64_t action) {Auto S Elf = receiver; if (action = = N (onerror)) {/* onerror is only valid if it's for the "Eosio" code account and authorized by "Eosio" ' s "ac tive permission
/eosio_assert (Code = = N (Eosio), "onerror action" is only valid from the "Eosio" System Account ");} if (code = = Self | | code = = N (eosio.token) | | action = n (onerror)) {TYPE thiscontract (self); switch (action) {Eosio _api (TYPE, members)}/Does not allow destructor of Thiscontract to Run:eosio_exit (0); */ } } }
Cause of the problem:
Because the ABI forwarder allows betting without transferring EOS to the contract.
Modification measures:
1. Get rid of false judgments
2. Filtering incoming operations only passes the Eosio.token behavior into the contract
Remind:
More powerful code testing
At least two audits
Fund monitoring
Best Practices for EOS Smart Contract development