智能合约安全：合约检测绕过与防御措施<\/h1>

文章前言<\/h2>
智能合约是区块链技术的重要应用之一，能够实现去中心化的交易和智能化的合约执行。然而智能合约安全问题一直是困扰区块链行业的难题。本文将详细介绍合约中对于合约地址检查的方法及其绕过方式，为合约安全审计人员和研发人员提供安全思考。<\/p>

交互方式<\/h2>
在以太坊智能合约中，交互场景主要分为两种：<\/p>

内部交互<\/h3>
合约与合约之间的交互。示例：<\/p>
pragma solidity<\/span> ^<\/span>0<\/span>.8<\/span>.0<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> ContractB<\/span> {
<\/span><\/span>    uint256<\/span> public<\/span> number;
<\/span><\/span>    
<\/span><\/span>    function<\/span> setNumber<\/span>(uint256<\/span> _number) public<\/span> {
<\/span><\/span>        number =<\/span> _number;
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    function<\/span> getNumber<\/span>() public<\/span> view<\/span> returns<\/span> (uint256<\/span>) {
<\/span><\/span>        return<\/span> number;
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span>
<\/span><\/span>contract<\/span> ContractA<\/span> {
<\/span><\/span>    ContractB public<\/span> contractB;
<\/span><\/span>    
<\/span><\/span>    constructor<\/span>(ContractB _contractB) {
<\/span><\/span>        contractB =<\/span> _contractB;
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    function<\/span> getNumberFromB<\/span>() public<\/span> view<\/span> returns<\/span> (uint256<\/span>) {
<\/span><\/span>        return<\/span> contractB.getNumber();
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>外部交互<\/h3>
合约与外部账号之间的交互。示例：<\/p>
pragma solidity<\/span> ^<\/span>0<\/span>.8<\/span>.0<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> ContractA<\/span> {
<\/span><\/span>    function<\/span> transferEther<\/span>(address<\/span> payable<\/span> recipient) public<\/span> payable<\/span> {
<\/span><\/span>        recipient.transfer(msg.value);
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>交互账号<\/h2>
在以太坊智能合约中，交互的账号主要有两种：<\/p>
合约账号<\/h3>
部署在以太坊网络上的智能合约，可以持有以太币和其他代币，拥有自己的存储空间和状态。示例：<\/p>
pragma solidity<\/span> ^<\/span>0<\/span>.8<\/span>.0<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> ContractA<\/span> {
<\/span><\/span>    uint256<\/span> public<\/span> count;
<\/span><\/span>    
<\/span><\/span>    function<\/span> increment<\/span>() public<\/span> payable<\/span> {
<\/span><\/span>        count++<\/span>;
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>外部账号<\/h3>
在以太坊网络上注册的账户，可以持有以太币和其他代币，但不具有存储空间和状态。示例：<\/p>
pragma solidity<\/span> ^<\/span>0<\/span>.8<\/span>.0<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> ContractA<\/span> {
<\/span><\/span>    function<\/span> transferEther<\/span>(address<\/span> payable<\/span> recipient) public<\/span> payable<\/span> {
<\/span><\/span>        recipient.transfer(msg.value);
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>地址检查的必要性<\/h2>
在编写智能合约时对合约地址进行检测是为了防止合约调用和交互中的安全漏洞和错误：<\/p>

避免调用不存在的合约<\/strong>：防止交易失败或资金损失<\/li>
避免重入攻击安全风险<\/strong>：防止通过重复调用函数导致数据错误或资金损失<\/li>
<\/ol>
地址检查方法<\/h2>
使用extcodesize检查<\/h3>
pragma solidity<\/span> ^<\/span>0<\/span>.8<\/span>.0<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> MyContract<\/span> {
<\/span><\/span>    function<\/span> transferTo<\/span>(address<\/span> payable<\/span> _to) public<\/span> payable<\/span> {
<\/span><\/span>        require(isContract(_to), "Only contract address allowed"<\/span>);
<\/span><\/span>        _to.transfer(msg.value);
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    function<\/span> isContract<\/span>(address<\/span> _addr) private<\/span> view<\/span> returns<\/span> (bool<\/span>) {
<\/span><\/span>        uint256<\/span> size;
<\/span><\/span>        assembly<\/span> {
<\/span><\/span>            size :=<\/span> extcodesize<\/span>(_addr)
<\/span><\/span>        }
<\/span><\/span>        return<\/span> size ><\/span> 0<\/span>;<\/span>
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>避免调用不存在的合约<\/h3>
pragma solidity<\/span> ^<\/span>0<\/span>.8<\/span>.0<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> MyContract<\/span> {
<\/span><\/span>    function<\/span> callOtherContract<\/span>(address<\/span> _contractAddress) public<\/span> returns<\/span> (uint256<\/span>) {
<\/span><\/span>        require(isContract(_contractAddress), "Contract address does not exist"<\/span>);
<\/span><\/span>        return<\/span> OtherContract(_contractAddress).getValue();
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    function<\/span> isContract<\/span>(address<\/span> _addr) private<\/span> view<\/span> returns<\/span> (bool<\/span>) {
<\/span><\/span>        uint256<\/span> size;
<\/span><\/span>        assembly<\/span> {
<\/span><\/span>            size :=<\/span> extcodesize<\/span>(_addr)
<\/span><\/span>        }
<\/span><\/span>        return<\/span> size ><\/span> 0<\/span>;<\/span>
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span>
<\/span><\/span>contract<\/span> OtherContract<\/span> {
<\/span><\/span>    uint256<\/span> public<\/span> value =<\/span> 42<\/span>;
<\/span><\/span>    
<\/span><\/span>    function<\/span> getValue<\/span>() public<\/span> view<\/span> returns<\/span> (uint256<\/span>) {
<\/span><\/span>        return<\/span> value;
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>避免重入攻击<\/h3>
pragma solidity<\/span> ^<\/span>0<\/span>.8<\/span>.0<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> Bank<\/span> {
<\/span><\/span>    mapping<\/span>(address<\/span> =><\/span> uint256<\/span>) balances;
<\/span><\/span>    bool<\/span> private<\/span> locked;
<\/span><\/span>    
<\/span><\/span>    function<\/span> withdraw<\/span>(uint256<\/span> _amount) public<\/span> {
<\/span><\/span>        require(_amount <=<\/span> balances[msg.sender], "Insufficient balance."<\/span>);
<\/span><\/span>        require(isContract(msg.sender) ==<\/span> false<\/span>, "Contracts are not allowed to withdraw."<\/span>);
<\/span><\/span>        require(payable<\/span>(msg.sender).send(_amount), "Withdrawal failed."<\/span>);
<\/span><\/span>        balances[msg.sender] -=<\/span> _amount;
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    function<\/span> isContract<\/span>(address<\/span> _addr) private<\/span> view<\/span> returns<\/span> (bool<\/span>) {
<\/span><\/span>        uint256<\/span> size;
<\/span><\/span>        assembly<\/span> {
<\/span><\/span>            size :=<\/span> extcodesize<\/span>(_addr)
<\/span><\/span>        }
<\/span><\/span>        return<\/span> size ><\/span> 0<\/span>;<\/span>
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>检测绕过方法<\/h2>
基本绕过方式<\/h3>
创建一个合约然后将其代码清空，使extcodesize<\/code>返回0：<\/p>
pragma solidity<\/span> ^<\/span>0<\/span>.8<\/span>.0<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> Malicious<\/span> {
<\/span><\/span>    address<\/span> payable<\/span> public<\/span> owner =<\/span> payable<\/span>(msg.sender);
<\/span><\/span>    
<\/span><\/span>    function<\/span>() external<\/span> payable<\/span> {
<\/span><\/span>        owner.transfer(msg.value);
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span>
<\/span><\/span>contract<\/span> Test<\/span> {
<\/span><\/span>    function<\/span> isContract<\/span>(address<\/span> addr) public<\/span> view<\/span> returns<\/span> (bool<\/span>) {
<\/span><\/span>        uint256<\/span> codeSize;
<\/span><\/span>        assembly<\/span> {
<\/span><\/span>            codeSize :=<\/span> extcodesize<\/span>(addr)
<\/span><\/span>        }
<\/span><\/span>        return<\/span> codeSize ><\/span> 0<\/span>;<\/span>
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    function<\/span> test<\/span>(address<\/span> payable<\/span> addr) public<\/span> payable<\/span> {
<\/span><\/span>        require(isContract(addr), "Not a contract address"<\/span>);
<\/span><\/span>        (bool<\/span> success,) =<\/span> addr.call{value:<\/span> msg.value}(""<\/span>);
<\/span><\/span>        require(success, "Call failed"<\/span>);
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>构造函数绕过<\/h3>
在构造函数中执行攻击代码，此时extcodesize<\/code>仍为0：<\/p>
pragma solidity<\/span> ^<\/span>0<\/span>.8<\/span>.0<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> MaliciousContract<\/span> {
<\/span><\/span>    address<\/span> public<\/span> bankAddress;
<\/span><\/span>    
<\/span><\/span>    constructor<\/span>(address<\/span> _bankAddress) {
<\/span><\/span>        bankAddress =<\/span> _bankAddress;
<\/span><\/span>        assembly<\/span> {
<\/span><\/span>            mstore<\/span>(0x00<\/span>, 0x37<\/span>) \/\/ 0x37 is the opcode of "extcodesize"
<\/span><\/span><\/span><\/span>            mstore<\/span>(0x04<\/span>, bankAddress) \/\/ call extcodesize with bankAddress as argument
<\/span><\/span><\/span><\/span>            \/\/ the result will be stored in memory at offset 0x00
<\/span><\/span><\/span><\/span>            let<\/span> size :=<\/span> call<\/span>(5000<\/span>, 0x04<\/span>, 0x00<\/span>, 0<\/span>, 0<\/span>, 0<\/span>, 0<\/span>)
<\/span><\/span>            \/\/ if the result is non-zero, it means bankAddress is a contract
<\/span><\/span><\/span><\/span>            if gt<\/span>(size, 0<\/span>) {
<\/span><\/span>                \/\/ perform a reentry attack
<\/span><\/span><\/span><\/span>                \/\/ ...
<\/span><\/span><\/span><\/span>            }
<\/span><\/span>        }
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>防御方案<\/h2>
1. 使用OpenZeppelin的Address.sol（仍有缺陷）<\/h3>
pragma solidity<\/span> ^<\/span>0<\/span>.4<\/span>.18<\/span>;
<\/span><\/span>
<\/span><\/span>contract<\/span> attack<\/span> {
<\/span><\/span>    function<\/span> attack<\/span>(address<\/span> _addr) public<\/span> payable<\/span> {
<\/span><\/span>        _addr.call.value(msg.value)();
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>2. 更佳方案：使用EIP-1052的extcodehash<\/h3>
pragma solidity<\/span> 0<\/span>.6<\/span>.2<\/span>;
<\/span><\/span>
<\/span><\/span>library<\/span> AddressUtils {
<\/span><\/span>    function<\/span> isContract<\/span>(address<\/span> _addr) internal<\/span> view<\/span> returns<\/span> (bool<\/span> addressCheck) {
<\/span><\/span>        bytes32<\/span> codehash;
<\/span><\/span>        bytes32<\/span> accountHash =<\/span> 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470<\/span>;
<\/span><\/span>        assembly<\/span> {
<\/span><\/span>            codehash :=<\/span> extcodehash(_addr)
<\/span><\/span>        }
<\/span><\/span>        addressCheck =<\/span> (codehash !=<\/span> 0x0<\/span> &&<\/span> codehash !=<\/span> accountHash);<\/span>
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>3. 其他防御措施<\/h3>

通过tx.origin == msg.sender<\/code>来校验调用者<\/strong>：确保调用者是外部账户而非合约<\/li>
采用EIP-1502来进行检测<\/strong>：更安全的合约检测标准<\/li>
<\/ol>
总结<\/h2>
智能合约安全审计中，对合约地址的检测是防止多种攻击手段的重要防线。传统的extcodesize<\/code>检查方法存在被绕过的风险，特别是在构造函数执行期间。安全开发者应当：<\/p>

了解传统检测方法的局限性<\/li>
采用更安全的extcodehash<\/code>方法（EIP-1052）<\/li>
结合多种防御手段，如tx.origin<\/code>检查<\/li>
特别注意构造函数中的潜在攻击向量<\/li>
<\/ol>
通过全面理解这些检测方法和绕过技术，开发者可以构建更安全的智能合约系统。<\/p>
智能合约安全：合约检测绕过与防御措施<\/h1>

交互方式<\/h2> 在以太坊智能合约中，交互场景主要分为两种：<\/p>

交互账号<\/h2> 在以太坊智能合约中，交互的账号主要有两种：<\/p>

地址检查方法<\/h2>

检测绕过方法<\/h2>

防御方案<\/h2>

交互方式<\/h2>
在以太坊智能合约中，交互场景主要分为两种：<\/p>

交互账号<\/h2>
在以太坊智能合约中，交互的账号主要有两种：<\/p>
