Socket Gateway 代币交换逻辑漏洞分析报告<\/h1>

1. 事件概述<\/h2>
2024年1月17日，Socket Gateway智能合约由于`performAction<\/code>函数中存在逻辑漏洞，导致约330万美元的损失。攻击者利用该漏洞转移了用户的USDC、USDT、WETH、WBTC、DAI和MATIC等代币，并将其转换为ETH获利。<\/p>`

2. 关键地址信息<\/h2>

攻击者地址<\/strong>: 0x50DF5a2217588772471B84aDBbe4194A2Ed39066<\/li>
被攻击合约地址<\/strong>: 0x3a23F943181408EAC424116Af7b7790c94Cb97a5<\/li>
漏洞合约地址<\/strong>: 0xCC5fDA5e3cA925bd0bb428C8b2669496eE43067e<\/li>
攻击交易示例<\/strong>: 0xc6c3331fa8c2d30e1ef208424c08c039a89e510df2fb6ae31e5aa40722e28fd6<\/li>
攻击合约地址<\/strong>: 0xf2D5951bB0A4d14BdcC37b66f919f9A1009C05d1<\/li>
<\/ul>
3. 漏洞背景<\/h2>
Socket Gateway的Admin在1月13日执行了addRoute<\/code>函数添加了新的routeAddress。新部署的合约中的performAction<\/code>函数存在逻辑错误，该函数原本设计用于ETH与WETH的代币交换。<\/p>
4. 漏洞代码分析<\/h2>
4.1 漏洞函数代码<\/h3>
function<\/span> performAction<\/span>(
<\/span><\/span>    address<\/span> fromToken,
<\/span><\/span>    address<\/span> toToken,
<\/span><\/span>    uint256<\/span> amount,
<\/span><\/span>    address<\/span> receiverAddress,
<\/span><\/span>    bytes32<\/span> metadata,
<\/span><\/span>    bytes<\/span> calldata swapExtraData
<\/span><\/span>) external<\/span> payable<\/span> override<\/span> returns<\/span> (uint256<\/span>) {
<\/span><\/span>    uint256<\/span> _initialBalanceTokenOut;
<\/span><\/span>    uint256<\/span> _finalBalanceTokenOut;
<\/span><\/span>    
<\/span><\/span>    \/\/ Swap Native to Wrapped Token
<\/span><\/span><\/span><\/span>    if<\/span> (fromToken ==<\/span> NATIVE_TOKEN_ADDRESS) {
<\/span><\/span>        _initialBalanceTokenOut =<\/span> ERC20(toToken).balanceOf(socketGateway);
<\/span><\/span>        (bool<\/span> success, ) =<\/span> toToken.call{value:<\/span> amount}(swapExtraData);
<\/span><\/span>        if<\/span> (!<\/span>success) {
<\/span><\/span>            revert SwapFailed();
<\/span><\/span>        }
<\/span><\/span>        _finalBalanceTokenOut =<\/span> ERC20(toToken).balanceOf(socketGateway);
<\/span><\/span>        require(
<\/span><\/span>            (_finalBalanceTokenOut -<\/span> _initialBalanceTokenOut) ==<\/span> amount,
<\/span><\/span>            "Invalid wrapper contract"<\/span>
<\/span><\/span>        );
<\/span><\/span>        \/\/ Send weth to user
<\/span><\/span><\/span><\/span>        ERC20(toToken).transfer(receiverAddress, amount);
<\/span><\/span>    } else<\/span> {
<\/span><\/span>        _initialBalanceTokenOut =<\/span> address<\/span>(socketGateway).balance;
<\/span><\/span>        \/\/ Swap Wrapped Token To Native Token
<\/span><\/span><\/span><\/span>        ERC20(fromToken).safeTransferFrom(
<\/span><\/span>            msg.sender,
<\/span><\/span>            socketGateway,
<\/span><\/span>            amount
<\/span><\/span>        );
<\/span><\/span>        (bool<\/span> success, ) =<\/span> fromToken.call(swapExtraData);
<\/span><\/span>        if<\/span> (!<\/span>success) {
<\/span><\/span>            revert SwapFailed();
<\/span><\/span>        }
<\/span><\/span>        _finalBalanceTokenOut =<\/span> address<\/span>(socketGateway).balance;
<\/span><\/span>        require(
<\/span><\/span>            (_finalBalanceTokenOut -<\/span> _initialBalanceTokenOut) ==<\/span> amount,
<\/span><\/span>            "Invalid wrapper contract"<\/span>
<\/span><\/span>        );
<\/span><\/span>        \/\/ send ETH to the user
<\/span><\/span><\/span><\/span>        payable<\/span>(receiverAddress).transfer(amount);
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    emit SocketSwapTokens(
<\/span><\/span>        fromToken,
<\/span><\/span>        toToken,
<\/span><\/span>        amount,
<\/span><\/span>        amount,
<\/span><\/span>        Identifier,
<\/span><\/span>        receiverAddress,
<\/span><\/span>        metadata
<\/span><\/span>    );
<\/span><\/span>    return<\/span> amount;
<\/span><\/span>}
<\/span><\/span><\/code><\/pre>4.2 正常功能逻辑<\/h3>
该函数设计用于ETH与WETH的转换，主要功能路径：<\/p>


ETH转WETH<\/strong>:<\/p>

检查fromToken<\/code>是否为原生代币地址<\/li>
记录初始WETH余额<\/li>
执行WETH合约调用，转入ETH<\/li>
验证WETH余额增加量等于转入的ETH数量<\/li>
将WETH转给接收者<\/li>
<\/ul>
<\/li>

WETH转ETH<\/strong>:<\/p>

记录初始ETH余额<\/li>
从调用者转移WETH到合约<\/li>
执行WETH合约调用，提取ETH<\/li>
验证ETH余额增加量等于提取的WETH数量<\/li>
将ETH转给接收者<\/li>
<\/ul>
<\/li>
<\/ol>
4.3 漏洞点分析<\/h3>
漏洞存在于以下关键点：<\/p>


amount参数为0时的验证绕过<\/strong>:<\/p>

当amount<\/code>为0时，(_finalBalanceTokenOut - _initialBalanceTokenOut) == amount<\/code>恒成立<\/li>
这使得余额验证检查被绕过<\/li>
<\/ul>
<\/li>

swapExtraData参数可控<\/strong>:<\/p>

攻击者可以完全控制swapExtraData<\/code>参数<\/li>
通过构造恶意的swapExtraData<\/code>，可以调用任意代币的transferFrom<\/code>函数<\/li>
<\/ul>
<\/li>

fromToken参数未严格验证<\/strong>:<\/p>

函数没有严格限制fromToken<\/code>必须为WETH地址<\/li>
允许传入任意代币地址<\/li>
<\/ul>
<\/li>
<\/ol>
5. 攻击流程详解<\/h2>


攻击准备<\/strong>:<\/p>

攻击者创建2个攻击合约<\/li>
识别出performAction<\/code>函数的漏洞<\/li>
<\/ul>
<\/li>

攻击执行<\/strong>:<\/p>

调用performAction<\/code>函数，设置amount<\/code>为0<\/li>
设置fromToken<\/code>为受害者已授权的代币地址(如USDC)<\/li>
构造swapExtraData<\/code>为调用该代币transferFrom<\/code>函数的数据<\/li>
由于amount<\/code>为0，余额验证检查被绕过<\/li>
恶意transferFrom<\/code>调用被执行，转移受害者授权的代币<\/li>
<\/ul>
<\/li>

资金转移<\/strong>:<\/p>

攻击者将获取的USDC、USDT、WETH、WBTC、DAI、MATIC等代币全部转换为ETH<\/li>
最终获利约330万美元<\/li>
<\/ul>
<\/li>
<\/ol>
6. 漏洞修复建议<\/h2>


严格验证输入参数<\/strong>:<\/p>
require(amount ><\/span> 0<\/span>, "Amount must be greater than zero"<\/span>);
<\/span><\/span>require(fromToken ==<\/span> NATIVE_TOKEN_ADDRESS ||<\/span> fromToken ==<\/span> WETH_ADDRESS, "Invalid token"<\/span>);
<\/span><\/span>require(toToken ==<\/span> NATIVE_TOKEN_ADDRESS ||<\/span> toToken ==<\/span> WETH_ADDRESS, "Invalid token"<\/span>);
<\/span><\/span><\/code><\/pre><\/li>

限制swapExtraData的使用<\/strong>:<\/p>

对swapExtraData<\/code>进行严格格式验证<\/li>
或完全移除该参数，改为固定调用已知安全的函数<\/li>
<\/ul>
<\/li>

添加权限控制<\/strong>:<\/p>
modifier<\/span> onlyAuthorized<\/span>() {
<\/span><\/span>    require(msg.sender ==<\/span> authorizedRouter, "Unauthorized"<\/span>);
<\/span><\/span>    _<\/span>;
<\/span><\/span>}
<\/span><\/span><\/code><\/pre><\/li>

改进余额验证逻辑<\/strong>:<\/p>

即使amount<\/code>为0也应进行严格验证<\/li>
可以考虑添加最小交换量限制<\/li>
<\/ul>
<\/li>
<\/ol>
7. 安全开发最佳实践<\/h2>


输入验证<\/strong>:<\/p>

对所有外部输入进行严格验证<\/li>
特别是涉及资金操作的参数<\/li>
<\/ul>
<\/li>

边界条件测试<\/strong>:<\/p>

特别关注0值、最大值等边界条件<\/li>
编写全面的单元测试覆盖所有边界情况<\/li>
<\/ul>
<\/li>

最小权限原则<\/strong>:<\/p>

合约函数应遵循最小权限原则<\/li>
避免过度灵活的接口设计<\/li>
<\/ul>
<\/li>

代码审计<\/strong>:<\/p>

在部署前进行专业的安全审计<\/li>
特别是涉及资金操作的合约<\/li>
<\/ul>
<\/li>
<\/ol>
8. 总结<\/h2>
Socket Gateway漏洞展示了智能合约开发中几个关键的安全问题：<\/p>

边界条件处理不足<\/li>
过度灵活的接口设计<\/li>
输入验证不严格<\/li>
权限控制缺失<\/li>
<\/ul>
开发者应从该事件中吸取教训，在设计和实现智能合约时遵循安全最佳实践，特别是在处理代币转移等敏感操作时。<\/p>

Socket Gateway 代币交换逻辑漏洞分析报告<\/h1>

1. 事件概述<\/h2> 2024年1月17日，Socket Gateway智能合约由于performAction<\/code>函数中存在逻辑漏洞，导致约330万美元的损失。攻击者利用该漏洞转移了用户的USDC、USDT、WETH、WBTC、DAI和MATIC等代币，并将其转换为ETH获利。<\/p>

3. 漏洞背景<\/h2> Socket Gateway的Admin在1月13日执行了addRoute<\/code>函数添加了新的routeAddress。新部署的合约中的performAction<\/code>函数存在逻辑错误，该函数原本设计用于ETH与WETH的代币交换。<\/p>

1. 事件概述<\/h2>
2024年1月17日，Socket Gateway智能合约由于`performAction<\/code>函数中存在逻辑漏洞，导致约330万美元的损失。攻击者利用该漏洞转移了用户的USDC、USDT、WETH、WBTC、DAI和MATIC等代币，并将其转换为ETH获利。<\/p>`

3. 漏洞背景<\/h2>
Socket Gateway的Admin在1月13日执行了`addRoute<\/code>函数添加了新的routeAddress。新部署的合约中的performAction<\/code>函数存在逻辑错误，该函数原本设计用于ETH与WETH的代币交换。<\/p>`