Cover image
Blog iconweb3zoom

时间戳操纵

漏洞合约: 游戏合约,每个区块有一个合约玩家,若time.timestamp 为13的倍数,则拿走所有的奖金。// SPDX-License-Identifier: MIT pragma solidity ^0.8.30; contract TimeGame { uint public lastBlockTime; constructor() payable {} function play() external payable { require(msg.value >= 1 ether); require(block.timestamp != lastBlockTime); lastBlockTime = block.timestamp; if(block.timestamp % 13 == 0){ payable (msg.sender).transfer(address(this).balance); } } receive() external payable { } } 攻击原理: 当合约汇集大量资金,矿工有足够的时间操作时间戳,可以根据需要进行修改,向13的倍数进行...

web3zoom

Written by
web3zoom

10多年的软件开发经验,包括大数据、AI等领域,熟悉Go、Java、Python等语言使用,最近学习rust语言,目前从事技术管理、架构师相关工作

Writer coin
Subscribe

Support web3zoom

Support this publication to show you appreciate and believe in them. As their writing reaches more readers, your coins may grow in value.