security - blockchain - solidity 漏洞3:意外的ether (unexpected ether)
访问量: 374
说明
错误的使用了this.balance, 与 selfdestruct()函数
(我也没看明白)
例子:
contract EtherGame { uint public payoutMileStone1 = 3 ether; uint public mileStone1Reward = 2 ether; uint public payoutMileStone2 = 5 ether; uint public mileStone2Reward = 3 ether; uint public finalMileStone = 10 ether; uint public finalReward = 5 ether; mapping(address => uint) redeemableEther; // users pay 0.5 ether. At specific milestones, credit their accounts function play() public payable { require(msg.value == 0.5 ether); // each play is 0.5 ether uint currentBalance = this.balance + msg.value; // ensure no players after the game as finished require(currentBalance <= finalMileStone); // if at a milestone credit the players account if (currentBalance == payoutMileStone1) { redeemableEther[msg.sender] += mileStone1Reward; } else if (currentBalance == payoutMileStone2) { redeemableEther[msg.sender] += mileStone2Reward; } else if (currentBalance == finalMileStone ) { redeemableEther[msg.sender] += finalReward; } return; } function claimReward() public { // ensure the game is complete require(this.balance == finalMileStone); // ensure there is a reward to give require(redeemableEther[msg.sender] > 0); redeemableEther[msg.sender] = 0; msg.sender.transfer(redeemableEther[msg.sender]); } }
解决办法
contract EtherGame { uint public payoutMileStone1 = 3 ether; uint public mileStone1Reward = 2 ether; uint public payoutMileStone2 = 5 ether; uint public mileStone2Reward = 3 ether; uint public finalMileStone = 10 ether; uint public finalReward = 5 ether; uint public depositedWei; mapping (address => uint) redeemableEther; function play() public payable { require(msg.value == 0.5 ether); uint currentBalance = depositedWei + msg.value; // ensure no players after the game as finished require(currentBalance <= finalMileStone); if (currentBalance == payoutMileStone1) { redeemableEther[msg.sender] += mileStone1Reward; } else if (currentBalance == payoutMileStone2) { redeemableEther[msg.sender] += mileStone2Reward; } else if (currentBalance == finalMileStone ) { redeemableEther[msg.sender] += finalReward; } depositedWei += msg.value; return; } function claimReward() public { // ensure the game is complete require(depositedWei == finalMileStone); // ensure there is a reward to give require(redeemableEther[msg.sender] > 0); redeemableEther[msg.sender] = 0; msg.sender.transfer(redeemableEther[msg.sender]); } }