BCST Blockchain Security Research, Case 1: In-Depth Analysis of a Low/High-Risk Vulnerability in a Contract

BCST Blockchain Security Research Institute

Introduction

Today we share a case of a minor vulnerability. The protagonists of the case are S*T and M*C; these two projects should be no strangers to anyone. An earlier vulnerability in them allowed unlimited coin transfers and was disastrous for the project teams.

To be clear, we are only sharing this as a case study.

As for smart contracts, we have always held that every piece of code should and must be rigorous. You know what we mean...

Case code

Let us first read the code below:

Figure 1: Core code

Code analysis

This is a proxy transfer function. A brief explanation of its parameters:

_from --- the transferring party
_spender --- the receiving party
_value --- the transfer amount

Suppose your signature is:

Figure 2: Signature

keccak256 is a cryptographic algorithm, a built-in function that can be called directly. ecrecover is the function that recovers the public key from a signature; if every value passed in is correct, the public key that ecrecover recovers should equal the address passed in as _from. If execution follows the normal flow, this function has no problem.

Key point! Key point! This will be on the exam

However, if the parameters passed into ecrecover are incorrect, ecrecover returns the 0x0 address. We then checked the contract and found that it does not prohibit transfers involving 0x0, so in theory anyone can obtain this contract's Token from the 0x0 address.
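
The flaw described above comes down to one missing check, shown here as an added Solidity example that sets the unchecked comparison beside a hardened one. It is not the contract from Figure 1. Only _from, _spender and _value come from the article; the contract name, the nonce, the signed message layout and the two function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. The message layout
// (_from, _spender, _value, nonce) and every name except the three
// parameters from the article are assumptions.
contract ProxyApprovalSketch {
    mapping(address => mapping(address => uint256)) public allowance;
    mapping(address => uint256) public nonces;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    function _digest(address _from, address _spender, uint256 _value)
        internal view returns (bytes32)
    {
        return keccak256(abi.encodePacked(_from, _spender, _value, nonces[_from]));
    }

    // Flawed pattern: the only check is signer == _from. An invalid
    // signature makes ecrecover return address(0), so the comparison
    // also holds when _from is address(0).
    function approveProxyUnchecked(
        address _from, address _spender, uint256 _value,
        uint8 _v, bytes32 _r, bytes32 _s
    ) external returns (bool) {
        require(ecrecover(_digest(_from, _spender, _value), _v, _r, _s) == _from, "bad sig");
        nonces[_from]++;
        allowance[_from][_spender] = _value;
        emit Approval(_from, _spender, _value);
        return true;
    }

    // Hardened pattern: reject the zero address as owner and treat a
    // zero result from ecrecover as a failed verification.
    function approveProxyChecked(
        address _from, address _spender, uint256 _value,
        uint8 _v, bytes32 _r, bytes32 _s
    ) external returns (bool) {
        require(_from != address(0), "zero owner");
        address signer = ecrecover(_digest(_from, _spender, _value), _v, _r, _s);
        require(signer != address(0) && signer == _from, "bad sig");
        nonces[_from]++;
        allowance[_from][_spender] = _value;
        emit Approval(_from, _spender, _value);
        return true;
    }
}
```

A production design would also bind the signed digest to the contract address and chain id, and the transfer path should reject address(0) as the source account as well.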

Hands-on test

At the time, we went to an Ethereum blockchain explorer and checked whether 0x0 held any of their Token. Sure enough, there was 0.1 Token in it. We then called the proxy approval function and successfully transferred the 0.1 Token held by 0x0 to our test account.

Breakdown of the hands-on process

1. Execute the approveProxy function; the approval succeeds.

Figure 3: Executing approveProxy

2. We use the block explorer to check through allowance whether the approval succeeded. As the query below shows, the approval succeeded, and 0. Token can be transferred from 0x0.

Figure 4: allowance

3. Then we call transferFrom.

Figure 5: Calling transferFrom

4. The transfer succeeds! Success! Success! Success!

Figure 6: Transfer succeeded

Summary

Although this counts as a minor vulnerability, if somebody has transferred the corresponding contract's Token to 0x0, someone else can still take it. Generally speaking, transferring Token to 0x0 amounts to burning it. If a project team announces that it will burn part of its Token on a certain day and transfers a large amount of Token to 0x0, and this is then discovered by someone with intent, that would be awkward.

That is all for today's share. If you still have any questions, you are welcome to leave a comment or join our Knowledge Planet group to discuss them together.

Figure 7: Knowledge Planet
