EOS staking vulnerability #4273
Can I get an EOS reward!
About bonuses in general, everyone is silent; it seems to me that they do not pay.
I hope that you will receive a bonus if this is considered a vulnerability.
1) The system design provides an operation in which the sender stakes an amount of assets on behalf of the receiver.
2) The system design has a priority rule for charging the stake: if there is a pending refund (a stake currently being returned), that is deducted first; otherwise the amount is deducted from the account balance.
When the --transfer switch is on, system_contract::changebw wrongly takes the priority refund deduction from the receiver, and only the remainder is then deducted from the sender.
Personally, I suggest changing it to logic C, which better matches the original intent of the system design.
Translation attempt via Google:
2) The system design has a priority judgment in the delegatebw operation: first the refund, then the balance of the account. When the --transfer switch is turned on, system_contract::changebw reduces the refund from the receiver by mistake, and then reduces the sender's balance. In this view, no asset is lost. In fact, 1) and 2) have logical conflicts; there are three possible operations when they occur simultaneously. I suggest logic C, the original intention of the system design.
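As an added illustration (not code from eosio.system, and not verified against the contract), the following C++ model replays the deduction order described in the comment above: a constructed ledger in which the sender delegates with --transfer while the receiver still has a pending refund. The account names, balances and helper names are all assumptions. `delegatebw_transfer_reported` follows the behaviour the comment reports (the receiver's pending refund pays first, then the sender's balance); `delegatebw_transfer_expected` follows what the commenter says should happen (the sender's own refund, then the sender's balance). Both variants conserve the ledger total, which is the commenter's point that no asset is lost, but they differ in whose pending refund is consumed.

```cpp
// Added example (not eosio.system code): a toy ledger that models the
// deduction order described in the issue comment for `delegatebw --transfer`.
// Amounts are integers in units of 0.0001 EOS; all balances are constructed.
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>

struct Account {
    int64_t balance = 0;        // liquid tokens
    int64_t pending_refund = 0; // tokens waiting in a refund request after undelegatebw
    int64_t staked = 0;         // NET+CPU stake owned by this account
};

struct Ledger {
    std::map<std::string, Account> accounts;
    // Sum of liquid + refund + stake over every account; used as a conservation check.
    int64_t total() const {
        int64_t t = 0;
        for (const auto& kv : accounts)
            t += kv.second.balance + kv.second.pending_refund + kv.second.staked;
        return t;
    }
};

// Priority rule from the comment: pay `amount` out of `refund_owner`'s pending
// refund first, then the remainder from `payer`'s liquid balance.
// Returns false and changes nothing if the payer cannot cover the remainder.
static bool pay_refund_then_balance(Account& refund_owner, Account& payer, int64_t amount) {
    int64_t from_refund = std::min(amount, refund_owner.pending_refund);
    int64_t from_balance = amount - from_refund;
    if (payer.balance < from_balance) return false;
    refund_owner.pending_refund -= from_refund;
    payer.balance -= from_balance;
    return true;
}

// Behaviour as reported in the comment: with --transfer the stake becomes the
// receiver's, the refund deduction hits the RECEIVER's pending refund, and only
// the remainder is taken from the sender's balance.
bool delegatebw_transfer_reported(Ledger& l, const std::string& sender,
                                  const std::string& receiver, int64_t amount) {
    Account& s = l.accounts[sender];
    Account& r = l.accounts[receiver];
    if (!pay_refund_then_balance(r, s, amount)) return false;
    r.staked += amount;
    return true;
}

// Behaviour the commenter expected: the sender's own pending refund, then the
// sender's balance, pays for the stake that is handed to the receiver.
bool delegatebw_transfer_expected(Ledger& l, const std::string& sender,
                                  const std::string& receiver, int64_t amount) {
    Account& s = l.accounts[sender];
    Account& r = l.accounts[receiver];
    if (!pay_refund_then_balance(s, s, amount)) return false;
    r.staked += amount;
    return true;
}

// Constructed scenario (assumed numbers): the receiver has 0.0050 EOS waiting
// in a refund, the sender holds 1.0000 EOS liquid, and the sender delegates
// 0.0001 EOS with --transfer, the same amount as the command in the report.
Ledger make_scenario() {
    Ledger l;
    l.accounts["alice"].balance = 10000;   // sender
    l.accounts["bob"].pending_refund = 50; // receiver, currently mid-refund
    return l;
}

Ledger run_reported() { Ledger l = make_scenario(); delegatebw_transfer_reported(l, "alice", "bob", 1); return l; }
Ledger run_expected() { Ledger l = make_scenario(); delegatebw_transfer_expected(l, "alice", "bob", 1); return l; }

int main() {
    Ledger rep = run_reported(), exp = run_expected();
    std::cout << "reported: alice.balance=" << rep.accounts["alice"].balance
              << " bob.refund=" << rep.accounts["bob"].pending_refund
              << " bob.staked=" << rep.accounts["bob"].staked
              << " total=" << rep.total() << "\n";
    std::cout << "expected: alice.balance=" << exp.accounts["alice"].balance
              << " bob.refund=" << exp.accounts["bob"].pending_refund
              << " bob.staked=" << exp.accounts["bob"].staked
              << " total=" << exp.total() << "\n";
    return 0;
}
```

In the reported variant the sender's balance is untouched and the receiver's pending refund shrinks by the delegated amount; in the expected variant the sender pays and the receiver's refund is left alone. The total is the same in both, which is why the comment says no asset is lost even though the party paying differs.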
@arhag Does this constitute a vulnerability? It is difficult to tell from this bug report.
Example attack command:
cleos --wallet-url http://localhost:6666 --url http://mainnet.genereos.io:80 system delegatebw sujianzhong1 etokengogogo "0.0001 EOS" "0.0000 EOS" --transfer
Attack diagram: