NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix for short address attack

Browse Source 
as suggested by /u/izqui9 here https://www.reddit.com/r/ethereum/comments/63s917/worrysome_bug_exploit_with_erc20_token/dfwmhc3/
Attack description: 
https://blog.golemproject.net/how-to-find-10m-by-just-reading-blockchain-6ae9d39fcd95
This commit is contained in:
Jerome de Tychey
2017-04-07 11:30:18 +02:00
committed by GitHub
parent 14274f8677
commit d9b9ed227b
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
contracts/token/BasicToken.sol
View File

@ -13,7 +13,15 @@ contract BasicToken is ERC20Basic, SafeMath {
mapping(address => uint) balances; mapping(address => uint) balances;
function transfer(address _to, uint _value) { /*
* Fix for the ERC20 short address attack
*/
modifier onlyPayloadSize(uint size) {
assert(msg.data.length == size + 4);
_;
}
function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) {
balances[msg.sender] = safeSub(balances[msg.sender], _value); balances[msg.sender] = safeSub(balances[msg.sender], _value);
balances[_to] = safeAdd(balances[_to], _value); balances[_to] = safeAdd(balances[_to], _value);
Transfer(msg.sender, _to, _value); Transfer(msg.sender, _to, _value);