OnlyPwner - Payday - Writeup

OnlyPwner - Payday - Writeup-魔法少女雪殇

Challenge Information

  • Challenge name: Payday
  • Author: bobface
  • Difficulty: Intermediate
  • Category: Merkle tree security

Challenge Description

Your competitor has just set up a node operator fee claiming contract for their users. It would be a shame if it stopped working properly...

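Merkle Tree Structure

  • Contains 20 recipients, each of whom can withdraw a specified ETH balance
  • Leaves store the hash keccak256(recipient || amount || validUntil)

Win Condition

The contract balance is less than 1 ETH, and none of the 20 original recipients has claimed (balance of 0).


Vulnerability Analysis

1. Core Contract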

contract Distributor {
    bytes32 public root;
    mapping(address => bool) public hasClaimed;

    function withdraw(
        bytes calldata params,
        bytes32[] calldata proof
    ) external {
        require(params.length == 64, "invalid params");

        bytes32 leaf = keccak256(params);  // ← key vulnerability point
        require(MerkleProof.verifyProof(leaf, root, proof), "invalid proof");

        (address recipient, uint72 amount, uint184 validUntil) = decodeParams(params);

        require(!hasClaimed[recipient], "already claimed");
        require(validUntil >= block.timestamp, "expired");

        hasClaimed[recipient] = true;
        (bool success, ) = recipient.call{value: amount}("");
        require(success, "failed to send ether");
    }
}
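
A hardened counterpart to the flagged line, as an added example that is not part of the original writeup or the challenge's code. The flagged line hashes a raw 64-byte `params` blob, which is the same length as an internal node's preimage (two 32-byte child hashes) in a standard Merkle tree; taking typed fields and double-hashing the leaf keeps leaf and node hashes in separate domains. The names `HardenedDistributor` and `leafOf`, and the use of OpenZeppelin's `MerkleProof` library, are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";

// Added example: hypothetical hardened variant, not the challenge's contract.
// The root must be rebuilt off-chain with the same leaf encoding and with
// OpenZeppelin's sorted-pair node hashing.
contract HardenedDistributor {
    bytes32 public immutable root;
    mapping(address => bool) public hasClaimed;

    constructor(bytes32 root_) payable {
        root = root_;
    }

    // Leaf = keccak256(keccak256(abi.encode(fields))).
    // The inner preimage is 96 bytes and the outer preimage is 32 bytes, so a
    // leaf preimage can never be the 64-byte concatenation of two child hashes.
    function leafOf(address recipient, uint72 amount, uint184 validUntil)
        public
        pure
        returns (bytes32)
    {
        return keccak256(bytes.concat(keccak256(abi.encode(recipient, amount, validUntil))));
    }

    // Typed arguments replace the opaque `bytes params`, so the caller cannot
    // choose the byte layout that ends up being hashed.
    function withdraw(
        address recipient,
        uint72 amount,
        uint184 validUntil,
        bytes32[] calldata proof
    ) external {
        bytes32 leaf = leafOf(recipient, amount, validUntil);
        require(MerkleProof.verifyCalldata(proof, root, leaf), "invalid proof");

        require(!hasClaimed[recipient], "already claimed");
        require(validUntil >= block.timestamp, "expired");

        // State is updated before the external call (checks-effects-interactions).
        hasClaimed[recipient] = true;
        (bool success, ) = recipient.call{value: amount}("");
        require(success, "failed to send ether");
    }
}
```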
