Solidity
將 wbnb 從合約轉移到 metamask
我使用 python 將 wbnb 從我部署的契約轉移到 metamask。交易未執行。但是後來查看我合約的wbnb餘額為0時,我的wbnb被盜了。我有一個自定義功能來轉移我的 wbnb,但它們仍然被盜。可能發生了什麼?我沒有批准的權限,也沒有連接的網站。
錯誤交易:https ://bscscan.com/tx/0xce1232d3b446667fff78dede3adcc2453c34ef577bb98e668bf25b2d10d42e3b
偷走了我的 wbnb 的交易: https ://bscscan.com/tx/0xbbbe070414c875052a80d6e7cb382d6357ee5fe978f0fddb2427acf37fdbbdfb
我的程式碼:
// SPDX-License-Identifier: MIT pragma solidity >=0.6.6 <0.8.0; interface IUniswapV2Pair { event Approval(address indexed owner, address indexed spender, uint value); event Transfer(address indexed from, address indexed to, uint value); function transfer(address to, uint value) external returns (bool); function transferFrom(address from, address to, uint value) external returns (bool); } interface IERC20 { /** * @dev Returns the amount of tokens in existence. */ function transfer(address recipient, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ event Transfer(address indexed from, address indexed to, uint256 value); event Approval(address indexed owner, address indexed spender, uint256 value); } contract Flashswap { address public owner; address private wbnb; constructor() { owner = msg.sender; wbnb = 0xbb4CdB9CBd36B01bD1cBaEBF2De08d9173bc095c; } function transfer_bnb_to_wallet(uint256 _amount, address _dest) external{ IERC20(wbnb).transfer(_dest,_amount); } }
該功能
transfer_bnb_to_wallet沒有任何保護。任何人都可以呼叫它並使用自己的地址作為收件人function transfer_bnb_to_wallet(uint256 _amount, address _dest) external{ IERC20(wbnb).transfer(_dest,_amount); }該函式可能已被創建
onlyOwner,因此只有所有者才能呼叫它。契約沒有經過驗證也沒關係。有些機器人會檢查待處理的池中是否有可以利用的交易。
攻擊者使用了更高的 gas 價格,因此礦工在交易之前選擇了它。