Block chain security-ether corner short address attack

0x00 Basic KnowledgeThe EVM virtual machine, when parsing a contract's bytecode, relies on the definition of the ABI to identify where each field is in the byte code. About ABI, you can read this document: Https://github.com/ethereum/wiki/wiki/Ethereum-Contract-ABI General ERC-20 token standard tokens will implement the transfer method, This method is defined in the ERC-20 label as: functionTransfer (address to, uint tokens) PublicReturns (bool success); The first parameter is the destination address where the token is sent, and the second is the number of token sent. When we call the transfer function to send n ERC-20 tokens to an address, the input data of the transaction is divided into 3 parts: 4 bytes, is the hash of the method name: A9059CBB 32 bytes, place the ether address, the current Ethernet square address is 20 bytes, high-risk 0 000000000000000000000000ABCABCABCABCABCABCABCABCABCABCABCABCABCA 32 bytes, is the number of tokens that need to be transmitted, this is 1*10^18 GNT 0000000000000000000000000000000000000000000000000de0b6b3a7640000 all of these add up to the transaction data:

a9059cbb000000000000000000000000abcabcabcabcabcabcabcabcabcabcabcabcabca0000000000000000000000000000000000000000000000000 de0b6b3a7640000

0x01 Ethernet short Address when invoking the transfer method, if a user is allowed to enter a short address, this is usually the exchange where no processing is done, such as not verifying that the user entered the address length is legitimate. If an etheric square address is as follows, note that the end is 0:0x12345678901234567890123456789012345678 when we omit the following 00, EVM will get 00来 supplements from the high level of the next parameter, which can lead to some problems. At this point, the number of token is actually less than 1 bytes, that is, the number of token left a byte, so that the contract to send more than a lot of tokens out. Let's look at an example:

When the Sendcoin method is invoked, the parameters passed in are as follows: 0x90b98a11 00000000000000000000000062bec9abe373123b9b635b75608f94eb8644163e 0000000000000000000000000000000000000000000000000000000000000002 The 0x90b98a11 here is the hash value of method, the second is the address and the third is the amount parameter. If we call the Sendcoin method, the incoming address 0x62bec9abe373123b9b635b75608f94eb8644163e, throw the "3e" of this address away, that is, throw a byte at the end, and the argument becomes: 0X90B98A11 00000000000000000000000062bec9abe373123b9b635b75608f94eb86441600                                                                  00000000000000000000000000000000000000000000000000000000000002 ^^ missing 1 bytes here EVM 0 of a byte of amount's high is populated to the address, which shifts the amount left 1 bytes to the left 8. In this way, amount is 2 << 8 = 512.

0x02 constructed short address attack(1) First generate a ETH, this account at the end of 2 0

Use some of the running number tools can be done, such as Mylinktoken tools, can easily run out of the end of the two 0.

(2) Find an Exchange wallet, the wallet has a token number of 256000 (3) to this wallet to send 1000 coins (4) and then from this wallet to raise 1000 coins, of course, this time when the address of the last two 0 remove if the Exchange does not check the user filled in the ether address, The EVM will package all the parameters of the function together, eating up to 1 bytes of the amount parameter's high. (5) The three parameters are passed into the msg.data, and then the transfer method of the contract is invoked, at which point amount is eaten by 1 bytes of the high position, so amount = Amount << 8, which is enlarged 256 times times, So we put 25,600 coins in all.

0x03 summed up to this loophole, to tell the truth, Ether has an unshirkable responsibility, because the EVM does not strictly verify the number of addresses, and also automatically add to disappear the number of digits. In addition, the exchange in the currency, the need to strictly verify the user input address, so as early as possible in front of the ban on malicious short address.

Reference https://blog.golemproject.net/how-to-find-10m-by-just-reading-blockchain-6ae9d39fcd95 http:// vessenes.com/the-erc20-short-address-attack-explained/https://ericrafaloff.com/ analyzing-the-erc20-short-address-attack/