From d9b9ed227b175262234fac0f5bd47e19f9556a9c Mon Sep 17 00:00:00 2001
From: Jerome de Tychey
Date: Fri, 7 Apr 2017 11:30:18 +0200
Subject: [PATCH] fix for short address attack as suggested by /u/izqui9 here https://www.reddit.com/r/ethereum/comments/63s917/worrysome_bug_exploit_with_erc20_token/dfwmhc3/ Attack description: https://blog.golemproject.net/how-to-find-10m-by-just-reading-blockchain-6ae9d39fcd95
---
 contracts/token/BasicToken.sol | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/contracts/token/BasicToken.sol b/contracts/token/BasicToken.sol
index 053ba899c..9003118a0 100644
--- a/contracts/token/BasicToken.sol
+++ b/contracts/token/BasicToken.sol
@@ -13,7 +13,15 @@ contract BasicToken is ERC20Basic, SafeMath {
 mapping(address => uint) balances;
- function transfer(address _to, uint _value) {
+/*
+ * Fix for the ERC20 short address attack
+ */
+ modifier onlyPayloadSize(uint size) {
+ assert(msg.data.length == size + 4);
+ _;
+ }
+
+ function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) {
 balances[msg.sender] = safeSub(balances[msg.sender], _value);
 balances[_to] = safeAdd(balances[_to], _value);
 Transfer(msg.sender, _to, _value);
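Review bot: The strict equality in `onlyPayloadSize` rejects every call whose calldata is longer than `size + 4`, not only the truncated calls the short address fix is aimed at, so a caller that pads or appends bytes to the payload would have `transfer` fail. Only a payload shorter than expected is the dangerous case, so a lower bound is enough: `assert(msg.data.length >= size + 4);`. The modifier is applied to `transfer` alone in this patch; any other token function that takes an address followed by an amount (presumably `transferFrom` and `approve` in a derived contract, not visible here) would need the same guard. It would also help to extend the comment to say that the 4 is the function selector and that `size` counts the 32-byte argument words. The body of `transfer` continues past the end of the hunk.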