SWC智能合约漏洞库

SWC-101/整数溢出

当算术运算达到类型的最大或最小值时,将发生上溢/下溢。例如,如果一个数字以uint8类型存储,则意味着该数字以8位无符号数字存储,值范围从0到2^8-1。在计算机编程中,当算术运算试图创建一个超出指定位数表示范围的数值时,就会发生整数溢出。

CWE漏洞分类

CWE-682:不正确的计算

整改方案

建议在整个智能合约系统中始终使用经过审查的安全数学库进行算术运算。

参考文献

缺陷合约示例

tokensalechallenge.sol

/*
 * @source: https://capturetheether.com/challenges/math/token-sale/
 * @author: Steve Marx
 */

pragma solidity ^0.4.21;

contract TokenSaleChallenge { // Capture the Ether "token sale" challenge; SWC-101 sample. Comments stay on existing lines so tokensalechallenge.yaml line_numbers remain valid
    mapping(address => uint256) public balanceOf; // tokens credited per buyer
    uint256 constant PRICE_PER_TOKEN = 1 ether; // price used by both buy() and sell()

    function TokenSaleChallenge(address _player) public payable { // 0.4-style constructor; _player is not used
        require(msg.value == 1 ether); // the challenge must be deployed with exactly 1 ether
    }

    function isComplete() public view returns (bool) { // solved once the contract holds less than the initial 1 ether
        return address(this).balance < 1 ether;
    }

    function buy(uint256 numTokens) public payable {
        require(msg.value == numTokens * PRICE_PER_TOKEN); // SWC-101: unchecked uint256 multiplication; a wrapped product means this equality no longer bounds numTokens

        balanceOf[msg.sender] += numTokens; // SWC-101: unchecked addition
    }

    function sell(uint256 numTokens) public {
        require(balanceOf[msg.sender] >= numTokens); // balance check is sound, but the balance itself may come from an overflowed buy()

        balanceOf[msg.sender] -= numTokens;
        msg.sender.transfer(numTokens * PRICE_PER_TOKEN); // SWC-101: unchecked multiplication; SWC-105 per the YAML: ether leaves the contract based on it. Fix: checked (SafeMath) mul in buy()/sell()
    }
}

tokensalechallenge.yaml

description: Integer overflow leading into Ether theft
issues:
- id: SWC-101
  count: 3
  locations:
  - bytecode_offsets:
      '0x28bca0703928a8e32ea9dcdc965ef2fc3e5957d467ea62c7df7e29897930512d': [390]
    line_numbers:
      tokensalechallenge.sol: [21]
  - bytecode_offsets:
      '0x28bca0703928a8e32ea9dcdc965ef2fc3e5957d467ea62c7df7e29897930512d': [472]
    line_numbers:
      tokensalechallenge.sol: [23]
  - bytecode_offsets:
      '0x28bca0703928a8e32ea9dcdc965ef2fc3e5957d467ea62c7df7e29897930512d': [672]
    line_numbers:
      tokensalechallenge.sol: [30]
- id: SWC-105
  count: 1
  locations:
  - bytecode_offsets:
      '0x28bca0703928a8e32ea9dcdc965ef2fc3e5957d467ea62c7df7e29897930512d': [693]
    line_numbers:
      tokensalechallenge.sol: [30]

integer_overflow_mapping_sym_1.sol

//Single transaction overflow

pragma solidity ^0.4.11;

contract IntegerOverflowMappingSym1 { // SWC-101 sample: single-transaction underflow on a mapping slot (YAML pins line 9)
    mapping(uint256 => uint256) map; // every slot starts at 0, so any v > 0 underflows on first use

    function init(uint256 k, uint256 v) public { // no access control; any caller can pick k and v
        map[k] -= v; // SWC-101: unchecked subtraction wraps when map[k] < v; see the _fixed variant for the require-guarded version
    }
}

integer_overflow_mapping_sym_1.yaml

description: Single transaction overflow in mapping
issues:
- id: SWC-101
  count: 1
  locations:
  - bytecode_offsets:
      '0x3c60415e40f53b65bb32a782b5ca77cb5fdf3e2bbd5e942ce263cd674f02444c': [145]
    line_numbers:
      integer_overflow_mapping_sym_1.sol: [9]

integer_overflow_mapping_sym_1_fixed.sol

//Single transaction overflow
//Safe version

pragma solidity ^0.4.16;

contract IntegerOverflowMappingSym1 {
    mapping(uint256 => uint256) map;

    // Safe variant of the SWC-101 sample: subtract v from map[k], reverting instead of wrapping.
    function init(uint256 k, uint256 v) public {
        uint256 current = map[k];
        map[k] = sub(current, v);
    }

    // Checked subtraction in the style of SafeMath; uses require where SafeMath uses assert.
    // Reverts when b > a, so the result can never underflow.
    function sub(uint256 a, uint256 b) internal pure returns (uint256 result) {
        require(b <= a);
        result = a - b;
    }
}

integer_overflow_mapping_sym_1_fixed.yaml

description: Single transaction overflow in mapping
issues:
- id: SWC-101
  count: 0
  locations: []

integer_overflow_minimal.sol

//Single transaction overflow
//Post-transaction effect: overflow escapes to publicly-readable storage

pragma solidity ^0.4.19;

contract IntegerOverflowMinimal { // SWC-101 sample: the wrapped value lands in public storage (YAML pins line 10)
    uint public count = 1; // publicly readable, so the underflow is observable after the transaction

    function run(uint256 input) public { // no access control
        count -= input; // SWC-101: unchecked subtraction wraps for any input > count
    }
}

integer_overflow_minimal.yaml

description: Single transaction overflow
issues:
- id: SWC-101
  count: 1
  locations:
  - bytecode_offsets:
      '0x80074413148835f7b77d5bf3607abd9e7cdd53db154097aa0e82b9a7bdfbbfe3': [174]
    line_numbers:
      integer_overflow_minimal.sol: [10]

integer_overflow_minimal_fixed.sol

//Single transaction overflow
//Post-transaction effect: overflow escapes to publicly-readable storage
//Safe version

pragma solidity ^0.4.19;

contract IntegerOverflowMinimal {
    uint public count = 1;

    // Safe variant: decrement count by input, reverting instead of wrapping below zero.
    function run(uint256 input) public {
        uint256 next = sub(count, input);
        count = next;
    }

    // Checked subtraction in the style of SafeMath (require instead of SafeMath's assert).
    function sub(uint256 a, uint256 b) internal pure returns (uint256 result) {
        require(b <= a);
        result = a - b;
    }
}

integer_overflow_minimal_fixed.yaml

description: Single transaction overflow
issues:
- id: SWC-101
  count: 0
  locations: []

integer_overflow_mul.sol

//Single transaction overflow
//Post-transaction effect: overflow escapes to publicly-readable storage

pragma solidity ^0.4.19;

contract IntegerOverflowMul { // SWC-101 sample: multiplication overflow escaping to public storage (YAML pins line 10)
    uint public count = 2; // publicly readable, so the wrapped product is observable

    function run(uint256 input) public { // no access control
        count *= input; // SWC-101: unchecked multiplication; see the _fixed variant for the divide-back check
    }
}

integer_overflow_mul.yaml

description: Single transaction overflow using mul
issues:
- id: SWC-101
  count: 1
  locations:
  - bytecode_offsets: 
      '0x6447009c99f794580933d06bda6405b9d6c4e95c4b51a37bf3c8b36c9199b0cf': [174]
    line_numbers:
      integer_overflow_mul.sol: [10]

integer_overflow_mul_fixed.sol

//Single transaction overflow
//Post-transaction effect: overflow escapes to publicly-readable storage
//Safe version

pragma solidity ^0.4.19;

contract IntegerOverflowMul {
    uint public count = 2;

    // Safe variant: multiply count by input, reverting instead of wrapping.
    function run(uint256 input) public {
        uint256 product = mul(count, input);
        count = product;
    }

    // Checked multiplication in the style of SafeMath.
    // Gas optimization: the a == 0 shortcut is cheaper than requiring 'a' to be
    // non-zero, but the benefit is lost if 'b' is also tested.
    // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
    function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
      if (a == 0) return 0;

      c = a * b;
      // Dividing the product back must recover b; a wrapped product fails this.
      require(c / a == b);
    }
}

integer_overflow_mul_fixed.yaml

description: Single transaction overflow using mul
issues:
- id: SWC-101
  count: 0
  locations: []

integer_overflow_multitx_multifunc_feasible.sol

/*
 * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
 * @author: Suhabe Bugrara
 */

//Multi-transactional, multi-function
//Arithmetic instruction reachable

pragma solidity ^0.4.23;

contract IntegerOverflowMultiTxMultiFuncFeasible { // SWC-101 sample reachable only after init() in an earlier transaction (YAML pins line 24)
    uint256 private initialized = 0; // gate for run(); flipped by init()
    uint256 public count = 1;

    function init() public { // no access control; arms run()
        initialized = 1;
    }

    function run(uint256 input) { // no visibility specifier: 0.4 defaults to public (with a compiler warning)
        if (initialized == 0) {
            return; // before init() the arithmetic below is not reachable
        }

        count -= input; // SWC-101: unchecked subtraction once initialized
    }
}

integer_overflow_multitx_multifunc_feasible.yaml

description: Integer overflow (reachable by calling 2 functions over 2 transactions)
issues:
- id: SWC-101
  count: 1
  locations:
  - bytecode_offsets:
      '0x956414565a80029c2be2b7c0d39740bf5ad294db15af3a02cb64509638902617': [218]
    line_numbers:
      integer_overflow_multitx_multifunc_feasible.sol: [24]

integer_overflow_multitx_multifunc_feasible_fixed.sol

/*
 * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
 * @author: Suhabe Bugrara
 */

//Multi-transactional, multi-function
//Arithmetic instruction reachable (Safe)

pragma solidity ^0.4.23;

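contract IntegerOverflowMultiTxMultiFuncFeasible {
    uint256 private initialized = 0; // gate: run() is a no-op until init() has been called
    uint256 public count = 1;

    // Arms run(). No access control is part of this sample; any caller may invoke it.
    function init() public {
        initialized = 1;
    }

    // Safe version: subtracts input from count with an underflow check.
    // Visibility is now explicit; 0.4 defaults to public and warns when it is omitted,
    // so this changes nothing for callers.
    function run(uint256 input) public {
        if (initialized == 0) {
            return;
        }

        count = sub(count, input);
    }

    //from SafeMath
    // Checked subtraction: reverts (require, where SafeMath uses assert) when b > a.
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a);//SafeMath uses assert here
        return a - b;
    }
}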

integer_overflow_multitx_multifunc_feasible_fixed.yaml

description: Multi-transactional, multi-function
issues:
- id: SWC-101
  count: 0
  locations: []

integer_overflow_multitx_onefunc_feasible.sol

/*
 * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
 * @author: Suhabe Bugrara
 */

//Multi-transactional, single function
//Arithmetic instruction reachable

pragma solidity ^0.4.23;

contract IntegerOverflowMultiTxOneFuncFeasible { // SWC-101 sample reachable on the second call of the same function (YAML pins line 21)
    uint256 private initialized = 0; // first call to run() sets this and returns
    uint256 public count = 1;

    function run(uint256 input) public { // no access control
        if (initialized == 0) {
            initialized = 1; // arming happens inside run() itself, so two transactions suffice
            return;
        }

        count -= input; // SWC-101: unchecked subtraction on every call after the first
    }
}

integer_overflow_multitx_onefunc_feasible.yaml

description: Integer overflow (reachable in 2 transactions)
issues:
- id: SWC-101
  count: 1
  locations:
  - bytecode_offsets:
      '0xf2c9f895c91bab86eb41e999544f854169741ed65e9bfcce0108a3adfa7b8be3': [196]
    line_numbers:
      integer_overflow_multitx_onefunc_feasible.sol: [21]

integer_overflow_multitx_onefunc_feasible_fixed.sol

/*
 * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
 * @author: Suhabe Bugrara
 */

//Multi-transactional, single function
//Arithmetic instruction reachable (Safe)

pragma solidity ^0.4.23;

contract IntegerOverflowMultiTxOneFuncFeasible {
    uint256 private initialized = 0;
    uint256 public count = 1;

    // Safe variant: the first call only arms the contract; later calls subtract
    // input from count with an underflow check instead of wrapping.
    function run(uint256 input) public {
        bool armed = initialized != 0;
        if (!armed) {
            initialized = 1;
            return;
        }

        uint256 next = sub(count, input);
        count = next;
    }

    // Checked subtraction in the style of SafeMath (require instead of SafeMath's assert).
    function sub(uint256 a, uint256 b) internal pure returns (uint256 result) {
        require(b <= a);
        result = a - b;
    }
}

integer_overflow_multitx_onefunc_feasible_fixed.yaml

description: Multi-transactional, single function
issues:
- id: SWC-101
  count: 0
  locations: []

integer_overflow_multitx_onefunc_infeasible.sol

/*
 * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
 * @author: Suhabe Bugrara
 */

//Multi-transactional, single function
//Overflow infeasible because arithmetic instruction not reachable

pragma solidity ^0.4.23;

contract IntegerOverflowMultiTxOneFuncInfeasible { // SWC-101 negative sample: the unchecked subtraction exists but cannot execute
    uint256 private initialized = 0; // nothing in this contract ever assigns a non-zero value
    uint256 public count = 1;

    // Because initialized stays 0 forever, every call returns early and
    // `count -= input` is dead code; the YAML therefore expects count: 0 for SWC-101.
    function run(uint256 input) public {
        if (initialized == 0) {
            return;
        }

        count -= input; // unchecked, but unreachable given the guard above
    }
}

integer_overflow_multitx_onefunc_infeasible.yaml

description: Integer overflow (unreachable)
issues:
- id: SWC-101
  count: 0
  locations: []

overflow_simple_add.sol

pragma solidity 0.4.24;

contract Overflow_Add { // SWC-101 sample: plain ADD overflow into public storage (YAML pins line 7)
    uint public balance = 1; // publicly readable, so the wrapped sum is observable

    function add(uint256 deposit) public { // no access control
        balance += deposit; // SWC-101: unchecked addition wraps when balance + deposit exceeds 2**256 - 1
    }
}

overflow_simple_add.yaml

description: Plain and simple ADD overflow example
issues:
- id: SWC-101
  count: 1
  locations:
  - bytecode_offsets:
      '0x75ad68f906456e1cbfd6190a8f2e2dc5cb2794af4a4929448378642c992e151a': [168]
    line_numbers:
      overflow_simple_add.sol: [7]

overflow_simple_add_fixed.sol

pragma solidity ^0.4.24;

contract Overflow_Add {
    uint public balance = 1;

    // Safe variant: add deposit to balance, reverting instead of wrapping.
    // The public entry point and the internal helper share the name `add`; they are
    // distinguished by parameter count.
    function add(uint256 deposit) public {
        uint256 next = add(balance, deposit);
        balance = next;
    }

    // Checked addition in the style of SafeMath: a wrapped sum is smaller than
    // the first operand, which the require rejects.
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
      c = a + b;
      require(c >= a);
    }
}

overflow_simple_add_fixed.yaml

description: Plain and simple ADD overflow example
issues:
- id: SWC-101
  count: 0
  locations: []

BECToken.sol

pragma solidity ^0.4.16;

/**
 * @title SafeMath
 * @dev Math operations with safety checks that throw on error
 */
library SafeMath { // checked uint256 arithmetic; every failing check reverts via require. Comments stay on existing lines so BECToken.yaml line 257 remains valid
  function mul(uint256 a, uint256 b) internal constant returns (uint256) { // `constant` is the pre-view/pure spelling used by this 0.4.16 code
    uint256 c = a * b;
    require(a == 0 || c / a == b); // a wrapped product no longer divides back to b
    return c;
  }

  function div(uint256 a, uint256 b) internal constant returns (uint256) {
    // require(b > 0); // Solidity automatically throws when dividing by 0
    uint256 c = a / b;
    // require(a == b * c + a % b); // There is no case in which this doesn't hold
    return c;
  }

  function sub(uint256 a, uint256 b) internal constant returns (uint256) {
    require(b <= a); // rejects underflow before subtracting
    return a - b;
  }

  function add(uint256 a, uint256 b) internal constant returns (uint256) {
    uint256 c = a + b;
    require(c >= a); // a wrapped sum is smaller than either operand
    return c;
  }
}

/**
 * @title ERC20Basic
 * @dev Simpler version of ERC20 interface
 * @dev see https://github.com/ethereum/EIPs/issues/179
 */
contract ERC20Basic { // abstract interface; BasicToken below supplies the function bodies
  uint256 public totalSupply; // assigned once, in BecToken's constructor
  function balanceOf(address who) public constant returns (uint256);
  function transfer(address to, uint256 value) public returns (bool);
  event Transfer(address indexed from, address indexed to, uint256 value);
}

/**
 * @title Basic token
 * @dev Basic version of StandardToken, with no allowances.
 */
contract BasicToken is ERC20Basic {
  using SafeMath for uint256; // all balance arithmetic below goes through the checked library

  mapping(address => uint256) balances; // internal by default; read through balanceOf()

  /**
  * @dev transfer token for a specified address
  * @param _to The address to transfer to.
  * @param _value The amount to be transferred.
  */
  function transfer(address _to, uint256 _value) public returns (bool) {
    require(_to != address(0)); // no burns via the zero address
    require(_value > 0 && _value <= balances[msg.sender]); // zero-value transfers are rejected too

    // SafeMath.sub will throw if there is not enough balance.
    balances[msg.sender] = balances[msg.sender].sub(_value);
    balances[_to] = balances[_to].add(_value);
    Transfer(msg.sender, _to, _value); // 0.4-style event emission (no `emit` keyword)
    return true;
  }

  /**
  * @dev Gets the balance of the specified address.
  * @param _owner The address to query the the balance of.
  * @return An uint256 representing the amount owned by the passed address.
  */
  function balanceOf(address _owner) public constant returns (uint256 balance) {
    return balances[_owner];
  }
}

/**
 * @title ERC20 interface
 * @dev see https://github.com/ethereum/EIPs/issues/20
 */
contract ERC20 is ERC20Basic { // full ERC20 surface; StandardToken below implements the allowance functions
  function allowance(address owner, address spender) public constant returns (uint256);
  function transferFrom(address from, address to, uint256 value) public returns (bool);
  function approve(address spender, uint256 value) public returns (bool);
  event Approval(address indexed owner, address indexed spender, uint256 value);
}


/**
 * @title Standard ERC20 token
 *
 * @dev Implementation of the basic standard token.
 * @dev https://github.com/ethereum/EIPs/issues/20
 * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
 */
contract StandardToken is ERC20, BasicToken {

  mapping (address => mapping (address => uint256)) internal allowed; // owner => spender => remaining allowance


  /**
   * @dev Transfer tokens from one address to another
   * @param _from address The address which you want to send tokens from
   * @param _to address The address which you want to transfer to
   * @param _value uint256 the amount of tokens to be transferred
   */
  function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
    require(_to != address(0));
    require(_value > 0 && _value <= balances[_from]);
    require(_value <= allowed[_from][msg.sender]); // caller must have been approved by _from

    balances[_from] = balances[_from].sub(_value);
    balances[_to] = balances[_to].add(_value);
    allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value); // allowance is consumed, checked arithmetic
    Transfer(_from, _to, _value);
    return true;
  }

  /**
   * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
   *
   * Beware that changing an allowance with this method brings the risk that someone may use both the old
   * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
   * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
   * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
   * @param _spender The address which will spend the funds.
   * @param _value The amount of tokens to be spent.
   */
  function approve(address _spender, uint256 _value) public returns (bool) {
    allowed[msg.sender][_spender] = _value; // overwrites, not increments; see the ordering caveat above
    Approval(msg.sender, _spender, _value);
    return true;
  }

  /**
   * @dev Function to check the amount of tokens that an owner allowed to a spender.
   * @param _owner address The address which owns the funds.
   * @param _spender address The address which will spend the funds.
   * @return A uint256 specifying the amount of tokens still available for the spender.
   */
  function allowance(address _owner, address _spender) public constant returns (uint256 remaining) {
    return allowed[_owner][_spender];
  }
}

/**
 * @title Ownable
 * @dev The Ownable contract has an owner address, and provides basic authorization control
 * functions, this simplifies the implementation of "user permissions".
 */
contract Ownable {
  address public owner; // the only account allowed through onlyOwner


  event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);


  /**
   * @dev The Ownable constructor sets the original `owner` of the contract to the sender
   * account.
   */
  function Ownable() { // 0.4-style constructor (same name as the contract)
    owner = msg.sender;
  }


  /**
   * @dev Throws if called by any account other than the owner.
   */
  modifier onlyOwner() {
    require(msg.sender == owner);
    _;
  }


  /**
   * @dev Allows the current owner to transfer control of the contract to a newOwner.
   * @param newOwner The address to transfer ownership to.
   */
  function transferOwnership(address newOwner) onlyOwner public {
    require(newOwner != address(0)); // prevents accidentally orphaning the contract
    OwnershipTransferred(owner, newOwner); // emitted before the write so both values are the pre/post pair
    owner = newOwner;
  }

}

/**
 * @title Pausable
 * @dev Base contract which allows children to implement an emergency stop mechanism.
 */
contract Pausable is Ownable {
  event Pause();
  event Unpause();

  bool public paused = false; // emergency-stop flag toggled only by the owner


  /**
   * @dev Modifier to make a function callable only when the contract is not paused.
   */
  modifier whenNotPaused() {
    require(!paused);
    _;
  }

  /**
   * @dev Modifier to make a function callable only when the contract is paused.
   */
  modifier whenPaused() {
    require(paused);
    _;
  }

  /**
   * @dev called by the owner to pause, triggers stopped state
   */
  function pause() onlyOwner whenNotPaused public { // whenNotPaused makes a second pause() revert
    paused = true;
    Pause();
  }

  /**
   * @dev called by the owner to unpause, returns to normal state
   */
  function unpause() onlyOwner whenPaused public { // whenPaused makes unpause() on a running contract revert
    paused = false;
    Unpause();
  }
}

/**
 * @title Pausable token
 *
 * @dev StandardToken modified with pausable transfers.
 **/

contract PausableToken is StandardToken, Pausable { // StandardToken whose state-changing entry points honour whenNotPaused

  function transfer(address _to, uint256 _value) public whenNotPaused returns (bool) {
    return super.transfer(_to, _value);
  }

  function transferFrom(address _from, address _to, uint256 _value) public whenNotPaused returns (bool) {
    return super.transferFrom(_from, _to, _value);
  }

  function approve(address _spender, uint256 _value) public whenNotPaused returns (bool) {
    return super.approve(_spender, _value);
  }

  function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) { // sends _value from msg.sender to every receiver
    uint cnt = _receivers.length;
    uint256 amount = uint256(cnt) * _value; // SWC-101 (BECToken.yaml line 257): raw `*` bypasses SafeMath, so amount can wrap while the loop below still credits the full _value per receiver. Fix: uint256(cnt).mul(_value)
    require(cnt > 0 && cnt <= 20); // bounds cnt, but not _value
    require(_value > 0 && balances[msg.sender] >= amount); // checks the possibly-wrapped amount, not the real total

    balances[msg.sender] = balances[msg.sender].sub(amount); // debits only the (possibly wrapped) amount
    for (uint i = 0; i < cnt; i++) {
        balances[_receivers[i]] = balances[_receivers[i]].add(_value); // credits are checked individually but sum to cnt * _value
        Transfer(msg.sender, _receivers[i], _value);
    }
    return true;
  }
}

/**
 * @title Bec Token
 *
 * @dev Implementation of Bec Token based on the basic standard token.
 */
contract BecToken is PausableToken {
    /**
    * Public variables of the token
    * The following variables are OPTIONAL vanities. One does not have to include them.
    * They allow one to customise the token contract & in no way influences the core functionality.
    * Some wallets/interfaces might not even bother to look at this information.
    */
    string public name = "BeautyChain";
    string public symbol = "BEC";
    string public version = '1.0.0';
    uint8 public decimals = 18;

    /**
     * @dev Constructor: fixes totalSupply at 7,000,000,000 whole tokens (scaled by
     * decimals) and credits the entire supply to the deployer. The previous
     * comment here was copied from allowance() and did not describe this function.
     */
    function BecToken() {
      totalSupply = 7000000000 * (10**(uint256(decimals))); // 10**18 scaling; the product fits comfortably in uint256
      balances[msg.sender] = totalSupply;    // Give the creator all initial tokens
    }

    // Fallback: the token does not accept plain ether.
    function () {
        //if ether is sent to this address, send it back.
        revert();
    }
}

BECToken.yaml

description: 'BECToken: Integer overflow in batchTransfer function'
issues:
- id: SWC-101
  count: 1
  locations:
  - bytecode_offsets:
      '0x09527bb0f6b5907031948e360743aa582a5c49ad8c587fd6c1463cc5e3d0825f': [1587]
    line_numbers:
      BECToken.sol: [257]