一、说明
合约部署完成并添加完流动性以后,在ave执行合约安全性检测时,检测结果显示合约有隐藏owner安全性漏洞。出现该问题原因目前主要有两个,第一个是隐藏owner角色,第二个是二级owner权限:
1、隐藏owner角色是指合约部署完成后可以通过setowner接口设置一个另外的owner角色,然后放弃合约所有权后通过角色权限来实现onlyowner操作。
2、在owner以外还引入了二级owner权限,放弃合约所有权以后还可以通过二级owner实现onlyowner要求的操作质量。
二、合约代码漏洞
1、隐藏owner角色的主要代码漏洞如下:
// SPDX-License-Identifier: MIT pragma solidity ^0.6.12; import "./Context.sol"; contract Ownable is Context { address public _owner; mapping(address => bool) private _roles; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); constructor () internal { _owner = _msgSender(); _roles[_msgSender()] = true; emit OwnershipTransferred(address(0), _msgSender()); } function owner() public view returns (address) { return _owner; } modifier onlyOwner() { require(_roles[_msgSender()]); _; } function renounceOwnership() public onlyOwner { emit OwnershipTransferred(_owner, address(0)); _roles[_owner] = false; _owner = address(0); } function transferOwnership(address newOwner) public onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); emit OwnershipTransferred(_owner, newOwner); _roles[_owner] = false; _roles[newOwner] = true; _owner = newOwner; } function setOwner(address addr, bool state) public onlyOwner { _owner = addr; _roles[addr] = state; } }
setOwner后再次执行onlyowner验证校验时,校验的是角色权限而不是地址权限。这样就可以保留隐藏的owner漏洞。
2、二级owner权限代码漏洞
modifier onlyFunder() { require(owner() == msg.sender || fundAddress == msg.sender, "BEP20: caller is not owner or Funder"); _; }
除了owner权限以为还保留了funder权限,也就是所谓的二级权限。在放弃合约所有权后仍然可以通过funder权限来实现onlyowner的操作要求。
三、漏洞解决方案
取消隐藏owner角色权限,通过以下ownerable合约验证owner地址而非角色权限
// SPDX-License-Identifier: MIT pragma solidity ^0.8.14; import "./Context.sol"; contract Ownable is Context { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ constructor () { address msgSender = _msgSender(); _owner = msgSender; emit OwnershipTransferred(address(0), msgSender); } /** * @dev Returns the address of the current owner. */ function owner() public view returns (address) { return _owner; } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { require(_owner == _msgSender(), "Ownable: caller is not the owner"); _; } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions anymore. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby removing any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { emit OwnershipTransferred(_owner, address(0)); _owner = address(0); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); emit OwnershipTransferred(_owner, newOwner); _owner = newOwner; } }
至此,完成AVE检测合约带有隐藏owner漏洞的修复方式所有操作流程。
pdf+视频币安智能链BSC发币教程及多模式组合合约源代码下载:
币安智能链BSC发币(合约部署、开源、锁仓、LP、参数配置、开发、故障处理、工具使用)教程下载:
多模式(燃烧、回流指定营销地址、分红本币及任意币种,邀请推广八代收益,LP加池分红、交易分红、复利分红、NFT分红、自动筑池、动态手续费、定时开盘、回购)组合合约源代码下载:
pdf+视频币安智能链BSC发币教程及多模式组合合约源代码下载地址:
添加VX或者telegram获取全程线上免费指导
评论前必须登录!
注册