Infinite Tokens

Published by Mario Oettler on

Problemstellung

Gegeben ist folgender Contract: 01_InfiniteToken_Vulnerable.sol

pragma solidity ^0.8.26;
contract Overflow {
     
    mapping(address => uint256) balances;
    uint256 public totalSupply;
     
    constructor (uint256 _initialSupply) {
        balances[msg.sender] = totalSupply = _initialSupply;
    }
     
    function transfer(address _to, uint256 _value) public returns (bool){
        unchecked{
            require(balances[msg.sender] - _value >=0);
            balances[msg.sender] -= _value;
            balances[_to] += _value;
            return true;
        }
    }
     
    function balanceOf(address _owner) public view returns (uint256 balance){
        return balances[_owner];
    }
}
  1. Deployen Sie diesen und weisen Sie sich dabei 20 Token zu.
  2. Versuchen Sie nun, sich so viele Token zu sichern, wie sie können. Sie haben ca. fünf Minuten dafür Zeit. Danach wird die Lösung vorgestellt.

Lösung

Dies kann mithilfe eines Variablenüberlaufes bewerkstelligt werden.

  1. Aufrufen der Funktion transfer() von dem Account, der den Token deployed wurde. Als Argument eine andere Adresse und einen Betrag > 20 Token eintragen.
  2. Prüfen mit balanceOf und Adresse, mit der der Token deployed wurde.

uints sind immer > 0. (unsigned Integer) Darum ist die require() stets erfüllt.

Schutz

Seit Version 0.8 bietet der Solidity-Compiler einen Überlaufschutz an. Sollte ein Variablenüberlauf stattfinden, wird ein revert durchgeführt. Der Überlaufschutz kann jedoch durch den Befehl unchecked{} ausgeschaltet werden.

Den Beispiel-Contract ohne unchecked{}-Block finden Sie in folgender Datei: 01_InfiniteToken_Not_Vulnerable.sol

pragma solidity ^0.8.26;
contract Overflow {
     
    mapping(address => uint256) balances;
    uint256 public totalSupply;
     
    constructor (uint256 _initialSupply) {
        balances[msg.sender] = totalSupply = _initialSupply;
    }
     
    function transfer(address _to, uint256 _value) public returns (bool){
        require(balances[msg.sender] - _value >=0);
        balances[msg.sender] -= _value;
        balances[_to] += _value;
        return true;
    }
     
    function balanceOf(address _owner) public view returns (uint256 balance){
        return balances[_owner];
    }
}

In einem unchecked{}-Block gibt es folgende Möglichkeiten, sich vor dem Exploit zu schützen

Es gibt verschiedene Möglichkeiten, diesen Exploit zu vermeiden:

  1. statt

require(balances[msg.sender] – _value >=0);

zu benutzen, kann

require(balances[msg.sender] >= _value);

verwendet werden.

  • SafeMath Library benutzen.

OpenZeppelin hat eine Bibliothek bereitgestellt, die gängige Matheprobleme in Smart Contracts löst. (Overflow und Division durch null)

Es gibt verschiedene Möglichkeiten, diese Bibliothek einzubinden. Die aktuelle Version dieser Bibliothek nutzt die Überlaufprüfung des Compilers ebenfalls.

Einen Beispielcontract finden Sie in folgender Datei: 01_infiniteToken_SafeMath.sol

pragma solidity ^0.8.0;

contract Overflow {
    using SafeMath for uint256;  //Einbinden der Bibliothek SafeMath für uint256-Variablen
    
    mapping(address => uint256) balances;
    uint256 public totalSupply;
    
    constructor (uint256 _initialSupply) {
        balances[msg.sender] = totalSupply = _initialSupply;
    }
    
    function calculator(uint256 var1, uint256 var2) public pure returns (uint256){
        uint256 c = var1.sub(var2); // Nutzen der SafeMath-Funktion
        return c;
    }
        
    function transfer(address _to, uint256 _value) public returns (bool){
        require(balances[msg.sender].sub(_value) >=0);
        balances[msg.sender] -= _value;
        balances[_to] += _value;
        return true;
    }
    
    function balanceOf(address _owner) public view returns (uint256 balance){
        return balances[_owner];
    }

}




// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (utils/math/SafeMath.sol)

pragma solidity ^0.8.0;

// CAUTION
// This version of SafeMath should only be used with Solidity 0.8 or later,
// because it relies on the compiler's built in overflow checks.

/**
 * @dev Wrappers over Solidity's arithmetic operations.
 *
 * NOTE: `SafeMath` is generally not needed starting with Solidity 0.8, since the compiler
 * now has built in overflow checking.
 */
library SafeMath {
    /**
     * @dev Returns the addition of two unsigned integers, with an overflow flag.
     *
     * _Available since v3.4._
     */
    function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            uint256 c = a + b;
            if (c < a) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the subtraction of two unsigned integers, with an overflow flag.
     *
     * _Available since v3.4._
     */
    function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b > a) return (false, 0);
            return (true, a - b);
        }
    }

    /**
     * @dev Returns the multiplication of two unsigned integers, with an overflow flag.
     *
     * _Available since v3.4._
     */
    function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
            // benefit is lost if 'b' is also tested.
            // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
            if (a == 0) return (true, 0);
            uint256 c = a * b;
            if (c / a != b) return (false, 0);
            return (true, c);
        }
    }

    /**
     * @dev Returns the division of two unsigned integers, with a division by zero flag.
     *
     * _Available since v3.4._
     */
    function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a / b);
        }
    }

    /**
     * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
     *
     * _Available since v3.4._
     */
    function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
        unchecked {
            if (b == 0) return (false, 0);
            return (true, a % b);
        }
    }

    /**
     * @dev Returns the addition of two unsigned integers, reverting on
     * overflow.
     *
     * Counterpart to Solidity's `+` operator.
     *
     * Requirements:
     *
     * - Addition cannot overflow.
     */
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        return a + b;
    }

    /**
     * @dev Returns the subtraction of two unsigned integers, reverting on
     * overflow (when the result is negative).
     *
     * Counterpart to Solidity's `-` operator.
     *
     * Requirements:
     *
     * - Subtraction cannot overflow.
     */
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        return a - b;
    }

    /**
     * @dev Returns the multiplication of two unsigned integers, reverting on
     * overflow.
     *
     * Counterpart to Solidity's `*` operator.
     *
     * Requirements:
     *
     * - Multiplication cannot overflow.
     */
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        return a * b;
    }

    /**
     * @dev Returns the integer division of two unsigned integers, reverting on
     * division by zero. The result is rounded towards zero.
     *
     * Counterpart to Solidity's `/` operator.
     *
     * Requirements:
     *
     * - The divisor cannot be zero.
     */
    function div(uint256 a, uint256 b) internal pure returns (uint256) {
        return a / b;
    }

    /**
     * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
     * reverting when dividing by zero.
     *
     * Counterpart to Solidity's `%` operator. This function uses a `revert`
     * opcode (which leaves remaining gas untouched) while Solidity uses an
     * invalid opcode to revert (consuming all remaining gas).
     *
     * Requirements:
     *
     * - The divisor cannot be zero.
     */
    function mod(uint256 a, uint256 b) internal pure returns (uint256) {
        return a % b;
    }

    /**
     * @dev Returns the subtraction of two unsigned integers, reverting with custom message on
     * overflow (when the result is negative).
     *
     * CAUTION: This function is deprecated because it requires allocating memory for the error
     * message unnecessarily. For custom revert reasons use {trySub}.
     *
     * Counterpart to Solidity's `-` operator.
     *
     * Requirements:
     *
     * - Subtraction cannot overflow.
     */
    function sub(
        uint256 a,
        uint256 b,
        string memory errorMessage
    ) internal pure returns (uint256) {
        unchecked {
            require(b <= a, errorMessage);
            return a - b;
        }
    }

    /**
     * @dev Returns the integer division of two unsigned integers, reverting with custom message on
     * division by zero. The result is rounded towards zero.
     *
     * Counterpart to Solidity's `/` operator. Note: this function uses a
     * `revert` opcode (which leaves remaining gas untouched) while Solidity
     * uses an invalid opcode to revert (consuming all remaining gas).
     *
     * Requirements:
     *
     * - The divisor cannot be zero.
     */
    function div(
        uint256 a,
        uint256 b,
        string memory errorMessage
    ) internal pure returns (uint256) {
        unchecked {
            require(b > 0, errorMessage);
            return a / b;
        }
    }

    /**
     * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
     * reverting with custom message when dividing by zero.
     *
     * CAUTION: This function is deprecated because it requires allocating memory for the error
     * message unnecessarily. For custom revert reasons use {tryMod}.
     *
     * Counterpart to Solidity's `%` operator. This function uses a `revert`
     * opcode (which leaves remaining gas untouched) while Solidity uses an
     * invalid opcode to revert (consuming all remaining gas).
     *
     * Requirements:
     *
     * - The divisor cannot be zero.
     */
    function mod(
        uint256 a,
        uint256 b,
        string memory errorMessage
    ) internal pure returns (uint256) {
        unchecked {
            require(b > 0, errorMessage);
            return a % b;
        }
    }
}
Categories: