搜索

[12965] 2018-07-20_Parity多重签名合约Delegatecall漏洞回顾

文档创建者:s7ckTeam
浏览次数:42
最后更新:2025-01-18
2018-07-20_Parity多重签名合约Delegatecall漏洞回顾 P a r i t y D e l e g a t e c a l l B U G X   F r e e B u f   2 0 1 8 - 0 7 - 2 0 2 0 1 7 7 1 9 P a r i t y   M u l t i s i g   1 5 3 0 0 0 d e l e g a t e c a l l i s s u e   l o w - l e v e l   D E L E G A T E C A L L , r e t u r n s   f a l s e   o n   f a i l u r e ,   f o r w a r d s   a l l   a v a i l a b l e   g a s ,   a d j u s t a b l e   c a l l d e l e g a t e c a l l 使 使 ( ) d e l e g a t e c a l l   d e l e g a t e c a l l     i n i t W a l l e t     i n i t W a l l e t     i n i t M u l t i o w n e d 使   l i b r a r y     P a r i t y   1         2   使   d e l e g a t e c a l l ( )     p u b l i c     i n i t W a l l e t     i n i t W a l l e t   < a d d r e s s > . d e l e g a t e c a l l ( . . . )   r e t u r n s   ( b o o l ) : i n i t W a l l e t o w n e r / /   l i n e   2 1 6 / /   c o n s t r u c t o r   -   j u s t   p a s s   o n   t h e   o w n e r   a r r a y   t o   t h e   m u l t i o w n e d   a n d     / /   t h e   l i m i t   t o   d a y l i m i t f u n c t i o n   i n i t W a l l e t ( a d d r e s s [ ]   _ o w n e r s ,   u i n t   _ r e q u i r e d ,   u i n t   _ d a y l i m i t )   {     i n i t D a y l i m i t ( _ d a y l i m i t ) ;     i n i t M u l t i o w n e d ( _ o w n e r s ,   _ r e q u i r e d ) ; }
3   h t t p s : / / e t h e r s c a n . i o / t x / 0 x 9 d b f 0 3 2 6 a 0 3 a 2 a 3 7 1 9 c 2 7 b e 4 f a 6 9 a a c c 9 8 5 7 f d 2 3 1 a 8 d 9 d c a e d e 4 b b 0 8 3 d e f 7 5 e c 4     f u n d s h t t p s : / / e t h e r s c a n . i o / t x / 0 x e e f 1 0 f c 5 1 7 0 f 6 6 9 b 8 6 c 4 c d 0 4 4 4 8 8 2 a 9 6 0 8 7 2 2 1 3 2 5 f 8 b f 2 f 5 5 d 6 1 8 8 6 3 3 a a 7 b e 7 c 使     使       W a l l e t L i b r a r y   h t t p s : / / e t h e r s c a n . i o / a d d r e s s / 0 x a 6 5 7 4 9 1 c 1 e 7 f 1 6 a d b 3 9 b 9 b 6 0 e 8 7 b b b 8 d 9 3 9 8 8 b c 3 # c o d e T h e   P a r i t y   W a l l e t   H a c k   E x p l a i n e d h t t p s : / / b l o g . z e p p e l i n . s o l u t i o n s / o n - t h e - p a r i t y - w a l l e t - m u l t i s i g - h a c k - 4 0 5 a 8 c 1 2 e 8 f 7 B U G X . I O 2 0 1 4 * B U G X . I O - T r i 0 n e s F r e e B u f . C O M / /   l i n e   4 2 4 f u n c t i o n ( )   p a y a b l e   {     / /   j u s t   b e i n g   s e n t   s o m e   c a s h ?     i f   ( m s g . v a l u e   >   0 )         D e p o s i t ( m s g . s e n d e r ,   m s g . v a l u e ) ;     e l s e   i f   ( m s g . d a t a . l e n g t h   >   0 )         _ w a l l e t L i b r a r y . d e l e g a t e c a l l ( m s g . d a t a ) ; } o w n e r D a t a F u n c t i o n :   i n i t W a l l e t ( a d d r e s s [ ]   _ o w n e r s ,   u i n t 2 5 6   _ r e q u i r e d ,   u i n t 2 5 6   _ d a y l i m i t )   * * * M e t h o d I D :   0 x e 4 6 d c f e b [ 0 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 [ 1 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 [ 2 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 6 7 7 9 8 0 8 c 0 3 e 4 1 4 0 0 0 0 [ 3 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 [ 4 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 b 3 7 6 4 7 6 1 e 2 9 7 d 6 f 1 2 1 e 7 9 c 3 2 a 6 5 8 2 9 c d 1 d d b 4 d 3 2 e x e c u t e F u n c t i o n :   e x e c u t e ( a d d r e s s   _ t o ,   u i n t 2 5 6   _ v a l u e ,   b y t e s   _ d a t a )   * * * M e t h o d I D :   0 x b 6 1 d 2 7 f 6 [ 0 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 b 3 7 6 4 7 6 1 e 2 9 7 d 6 f 1 2 1 e 7 9 c 3 2 a 6 5 8 2 9 c d 1 d d b 4 d 3 2 [ 1 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 6 7 7 9 8 0 8 c 0 3 e 4 1 4 0 0 0 0 [ 2 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 [ 3 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 [ 4 ] :     0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 d e l e g a t e c a l l ( ) p u b l i c e x t e r n a l o n l y O w n e r

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理