Primeo (PEO)增发漏洞

96
降维安全实验室
2018.10.22 18:00 字数 174
image

降维安全在近期发现以太坊Token 合约PEO存在Owner增发漏洞

合约地址:

0x21A8A03b34e053F9B1d4545213d9D1d411a9D449

漏洞类型:

Token增发

威胁级别:

漏洞影响:

Onwer增发超过发行总量的Token,使Token迅速贬值。

漏洞编号:

CVE-2018-18425

详细信息:

存在漏洞的代码如下:

    function doAirdrop(address _participant, uint _amount) internal {

        require( _amount > 0 );      

        require( totalDistributed < totalSupply );
        
        balances[_participant] = balances[_participant].add(_amount);
        totalDistributed = totalDistributed.add(_amount);

        if (totalDistributed >= totalSupply) {
            distributionFinished = true;
        }

        // log
        emit Airdrop(_participant, _amount, balances[_participant]);
        emit Transfer(address(0), _participant, _amount);
    }

本代码检测了历史空投总量(totalDistributed )是否小于发行量,但是并未对传入的金额(_amount)进行有效检测。导致可以传入大于发行总量totalSupply的_amount,增发Token。
Owner调用代码

    function adminClaimAirdrop(address _participant, uint _amount) public onlyOwner {        
        doAirdrop(_participant, _amount);
    }

    function adminClaimAirdropMultiple(address[] _addresses, uint _amount) public onlyOwner {        
        for (uint i = 0; i < _addresses.length; i++) doAirdrop(_addresses[i], _amount);
    }

Owner用户有权限调用doAirdrop函数

修改建议:

 require( totalDistributed < totalSupply );

修改为:

require( totalDistributed + _amount > totalDistributed);
//防止溢出
require( totalDistributed + _amount <= totalSupply);
降维安全实验室公众号
区块链安全
Web note ad 1