Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of "what is ERC20". The editor shows you the operation process through actual cases, and the operation method is simple, fast and practical. I hope this article "what is ERC20" can help you solve the problem.

What is ERC20?

Tokens should be familiar to everyone. Tokens are also called token. They are not virtual currencies such as Bitcoin and Yitai Fang, which are based on the hard work of a large number of technicians and are used to keep the public chain running. Tokens generally rely on the Ethernet Square platform, which is the number recorded in an intelligent contract on the Ethernet Square platform.

So token has no value, everyone can create unlimited token in 1 minute or so. So why are there so many token prices so high and so many people to trade? Generally speaking, the person who publishes the token will bind the entire token to a promising project, such as nanotechnology, satellite technology, new power, how to rely on it, and then find a few famous platforms with a few coin circles, and then publish the great public opinion of the token through various channels, and then go to the exchange to harvest leeks. As for the cross-era project they touted at that time, I don't know if it can really be completed. After all, the money has already been received in my pocket.

There is no denying that some token do have a conscience and do what they are supposed to do. Without delving into the rights and wrongs of issuing token, let's talk about ERC20 here.

Everyone comes to send token, so there is no unified standard for so many token, so it is not good to make a general transfer on the ethernet platform. In order to facilitate the circulation of token, there is a token standard called ERC20. To put it simply, ERC20 stipulates nine methods and two events that must be realized in an token intelligent contract.

For specific methods and event names, please see the ERC-20 standard description.

Application Binary Interface (ABI)

This article is actually about ERC20 attacks. If we want to attack ERC20, we first need to know how to interact with the etherfang virtual machine. In ethernet ethereum ecosystem, the application of binary interface Application Binary Interface (ABI) is a standard way to interact with contracts from outside the blockchain and between contracts. The data is encoded in the agreed way according to its type.

To put it simply, an ABI includes a function selector and function parameters.

A function selector is the first 4 bytes of a function call data that specifies the function to be called. These four bytes are the first four bytes after the function signature is hashed through Keccak (SHA-3).

The parameters of the function will be encoded into 32 bytes, and those less than 32 bytes will be completed. ERC20 Short Address Attack appears on the completion of this function.

ERC20 Short Address Attack

Let's take a look at a simple token contract to transfer money.

Pragma solidity ^ 0.4.11; contract MyToken {mapping (address = > uint) balances; event Transfer (address indexed _ from, address indexed _ to, uint256 _ value); function MyToken () {balances [tx.origin] = 10000;} function sendCoin (address to, uint amount) returns (bool sufficient) {if (balances [msg.sender] < amount) return false;balances [msg.sender]-= amount;balances [to] + = amount;Transfer (msg.sender, to, amount); return true } function getBalance (address addr) constant returns (uint) {return balances [addr];}}

A very simple intelligent contract, here we take a look at the method of sendCoin, he receives two parameters, one is to receive the address of the token, the other is the number.

If you want to make a call, the generated ABI might look like this:

0x90b98a1100000000000000000000000062bec9abe373123b9aabbcce608f94eb8644163e0000000000000000000000000000000000000000000000000000000000000004

Where:

0x90b98a11 is the method tag sha3 (sendCoin (address,uint)) after the Keccak (SHA-3) operation.

00000000000000000000000062bec9abe373123b9aabbcce608f94eb8644163e is a 20-byte destination address that is completed to 32 bytes.

0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Start the attack.

What happens if an attacker doesn't play his cards according to common sense and does not complete the parameters to 32 bytes, then the total ABI length will be smaller than expected?

Again in the above example, we are going to send 4 token to 62bec9abe373123b9aabbcce608f94eb8644163e.

But if we remove the last byte of the address, "3e", the ABI looks like this:

0x90b98a1100000000000000000000000062bec9abe373123b9aabbcce608f94eb8644163e0000000000000000000000000000000000000000000000000000000000000004 ^ ^

We can see that there is actually one byte missing after the last 04.

So what will happen if we pass this ABI to the ethernet virtual machine?

The ethersquare virtual machine completes the ABI by adding a byte 00 after 04.

The parameters are as follows:

_ from: 0x58bad47711113aea5bc5de02bce6dd332211aabb_to: 0x62bec9abe373123b9aabbcce608f94eb8644163e00_value: 2048

We see two changes, the first destination address has changed, and the second transfer value has changed: 4

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.