From d9b9ed227b175262234fac0f5bd47e19f9556a9c Mon Sep 17 00:00:00 2001
From: Jerome de Tychey
Date: Fri, 7 Apr 2017 11:30:18 +0200
Subject: [PATCH 1/2] fix for short address attack as suggested by /u/izqui9 here https://www.reddit.com/r/ethereum/comments/63s917/worrysome_bug_exploit_with_erc20_token/dfwmhc3/ Attack description: https://blog.golemproject.net/how-to-find-10m-by-just-reading-blockchain-6ae9d39fcd95
---
 contracts/token/BasicToken.sol | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/contracts/token/BasicToken.sol b/contracts/token/BasicToken.sol
index 053ba899c..9003118a0 100644
--- a/contracts/token/BasicToken.sol
+++ b/contracts/token/BasicToken.sol
@@ -13,7 +13,15 @@ contract BasicToken is ERC20Basic, SafeMath {
 mapping(address => uint) balances;
- function transfer(address _to, uint _value) {
+/*
+ * Fix for the ERC20 short address attack
+ */
+ modifier onlyPayloadSize(uint size) {
+ assert(msg.data.length == size + 4);
+ _;
+ }
+
+ function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) {
 balances[msg.sender] = safeSub(balances[msg.sender], _value);
 balances[_to] = safeAdd(balances[_to], _value);
 Transfer(msg.sender, _to, _value);
From 5d75264f0f5a552ec994266cd8691fadfa422252 Mon Sep 17 00:00:00 2001
From: Jerome de Tychey
Date: Tue, 11 Apr 2017 17:25:03 +0200
Subject: [PATCH 2/2] Fix for bigger payloads as suggested by izqui in case a function calls transfer under the hood
---
 contracts/token/BasicToken.sol | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contracts/token/BasicToken.sol b/contracts/token/BasicToken.sol
index 9003118a0..5e6f3278a 100644
--- a/contracts/token/BasicToken.sol
+++ b/contracts/token/BasicToken.sol
@@ -17,7 +17,7 @@ contract BasicToken is ERC20Basic, SafeMath {
 * Fix for the ERC20 short address attack
 */
 modifier onlyPayloadSize(uint size) {
- assert(msg.data.length == size + 4);
+ assert(msg.data.length >= size + 4);
 _;
 }
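Review bot: The guard is attached only to `transfer` in this hunk, and the comment above `onlyPayloadSize` does not say what `size` counts, so a later caller has to guess the argument. I would document it as `// size = ABI-encoded argument bytes (32 per argument); the extra 4 is the function selector`. It is also worth checking whether other functions that take an address followed by a value, in contracts not shown here, need the same modifier with their own argument count. The contract body continues outside the hunk, so it is not visible whether `assert` is the compiler built-in or a helper inherited from `SafeMath`; that decides how a rejected call fails.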
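Review bot: After the change to `>=` the modifier enforces a minimum calldata length, but its name `onlyPayloadSize` and the comment above it still read as an exact-size check. A line such as `// lower bound only: calldata shorter than 4 + size bytes is rejected, longer calldata is accepted` above the `assert` would keep a reader from assuming that trailing bytes are rejected. The opening of that comment block lies outside the hunk.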