
Example Analysis of Dapp vulnerability caused by using Constructor

2025-04-15 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article analyzes an example of a Dapp vulnerability caused by a misnamed constructor, and summarizes the cause of the problem and its solution.

A constructor is a special function that usually performs the critical initialization of a contract. Prior to Solidity version 0.4.22, a constructor was a function with the same name as the contract. So if the contract name changes during development and the constructor name is not changed to match, the original constructor becomes a regular callable function. This creates a vulnerability in the contract.

Attack principle

If the contract name is changed, or the constructor name is mistyped, the function name and the contract name no longer match. At that point the constructor is just a regular function. If the constructor performs privileged operations, the consequences can be serious. Take a look at the contract code below:

    contract OwnerWallet {
        address public owner;

        // constructor
        function ownerWallet(address _owner) public {
            owner = _owner;
        }

        // fallback. Collect ether.
        function () payable {}

        function withdraw() public {
            require(msg.sender == owner);
            msg.sender.transfer(this.balance);
        }
    }

This contract accepts ether deposits and only allows the contract owner to withdraw them using the withdraw() function. Here the intended constructor is named ownerWallet while the contract is named OwnerWallet, so it is a regular function: any user can call ownerWallet, set themselves as the owner of the contract, and then call withdraw to withdraw all the funds in the contract.

Protection technology

This issue was addressed in Solidity compiler version 0.4.22. That version introduces a constructor keyword to mark the constructor, rather than requiring the constructor name to match the contract name. From that version on, it is recommended to use the constructor keyword so that this naming problem cannot occur.
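For code that still has to be reviewed in the old style, the naming mismatch can be checked mechanically. The script below is an added example, not code from the original article: it scans Solidity source for functions whose name exactly matches the contract name (legacy constructor) or almost matches it (case slip or typo, as in the wallet above). The function names, the finding labels and the 0.8 similarity threshold are assumptions chosen for illustration, and the regex-based parsing is a heuristic, not a full Solidity parser.

```python
import difflib
import re

# Constructed sample input: the wallet contract shown in the article.
SAMPLE = """
contract OwnerWallet {
    address public owner;
    // constructor
    function ownerWallet(address _owner) public { owner = _owner; }
    function () payable {}
    function withdraw() public {
        require(msg.sender == owner);
        msg.sender.transfer(this.balance);
    }
}
"""

CONTRACT_RE = re.compile(r"\bcontract\s+([A-Za-z_$][\w$]*)[^{;]*\{")
FUNCTION_RE = re.compile(r"\bfunction\s+([A-Za-z_$][\w$]*)\s*\(")


def strip_comments(src):
    """Drop /* */ and // comments so commented-out code is not matched."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def contract_bodies(src):
    """Yield (contract_name, body_text) by matching braces from each header."""
    for m in CONTRACT_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]


def find_constructor_issues(source, threshold=0.8):
    """Return (contract, function, kind) tuples for risky constructor naming."""
    findings = []
    for name, body in contract_bodies(strip_comments(source)):
        for fn in FUNCTION_RE.findall(body):
            if fn == name:
                # Pre-0.4.22 style: works today, breaks silently on a rename.
                findings.append((name, fn, "legacy-constructor"))
            elif difflib.SequenceMatcher(None, fn.lower(), name.lower()).ratio() >= threshold:
                # Case slip or typo: an ordinary function anyone can call.
                findings.append((name, fn, "near-miss-constructor"))
    return findings


if __name__ == "__main__":
    for finding in find_constructor_issues(SAMPLE):
        print(finding)
```

A contract that declares its constructor with the constructor keyword produces no findings, since no function name is involved in the match.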
