广场
最新
热门
资讯
我的主页

Rust智能合约安全:3大关键策略防御DoS攻击

LiquidationWatchervip

Rust智能合约安全:防御拒绝服务攻击

拒绝服务(DoS)攻击会导致智能合约在一段时间内无法被正常使用,甚至永久瘫痪。主要原因包括:

  1. 合约逻辑存在计算复杂度过高的缺陷,导致Gas消耗超出限制。

  2. 跨合约调用时对外部合约执行状态的依赖,可能被外部合约阻塞。

  3. 合约所有者丢失私钥,无法执行关键的特权函数。

下面结合具体例子进行分析。

1. 避免遍历可被外部操控的大型数据结构

以下是一个简单的"分红"合约,存在DoS风险:

rust #[near_bindgen] #[derive(BorshDeserialize, BorshSerialize)] pub struct Contract { pub registered: Vec, pub accounts: UnorderedMap<accountid, balance="">, }

pub fn register_account(&mut self) { if self.accounts.insert(&env::predecessor_account_id(), &0).is_some() { env::panic("The account is already registered".to_string().as_bytes()); } else { self.registered.push(env::predecessor_account_id()); } log!("Registered account {}", env::predecessor_account_id()); }

pub fn distribute_token(&mut self, amount: u128) { assert_eq!(env::predecessor_account_id(), DISTRIBUTOR, "ERR_NOT_ALLOWED");

for cur_account in self.registered.iter() {
    let balance = self.accounts.get(&cur_account).expect("ERR_GET");
    self.accounts.insert(&cur_account, &balance.checked_add(amount).expect("ERR_ADD"));
    log!("Try distribute to account {}", &cur_account);
    
    ext_ft_token::ft_transfer(
        cur_account.clone(),
        amount,
        &FTTOKEN,
        0,
        GAS_FOR_SINGLE_CALL
    );
}

}

该合约的问题在于registered数组大小没有限制,可被恶意用户操控使其过大,导致distribute_token函数Gas消耗超限。

推荐的解决方案是采用"提现"模式:

rust pub fn distribute_token(&mut self, amount: u128) { assert_eq!(env::predecessor_account_id(), DISTRIBUTOR, "ERR_NOT_ALLOWED");

for account in self.registered.iter() {
    let balance = self.accounts.get(&account).unwrap();
    self.accounts.insert(&account, &(balance + amount));
}

}

pub fn withdraw(&mut self) { let account = env::predecessor_account_id(); let amount = self.accounts.get(&account).unwrap(); self.accounts.insert(&account, &0);

ext_ft_token::ft_transfer(account, amount, &FTTOKEN, 0, GAS_FOR_SINGLE_CALL);

}

2. 避免跨合约调用状态依赖

下面是一个"竞价"合约示例:

rust #[near_bindgen] #[derive(BorshDeserialize, BorshSerialize)] pub struct Contract { pub registered: Vec, pub bid_price: UnorderedMap<accountid,balance>, pub current_leader: AccountId, pub highest_bid: u128, }

pub fn bid(&mut self, sender_id: AccountId, amount: u128) -> PromiseOrValue { assert!(amount > self.highest_bid);

if self.current_leader == DEFAULT_ACCOUNT {
    self.current_leader = sender_id;
    self.highest_bid = amount;
} else {
    ext_ft_token::account_exist(
        self.current_leader.clone(),
        &FTTOKEN,
        0,
        env::prepaid_gas() - GAS_FOR_SINGLE_CALL * 4,
    ).then(ext_self::account_resolve(
        sender_id,
        amount,
        &env::current_account_id(),
        0,
        GAS_FOR_SINGLE_CALL * 3,
    ));
}

PromiseOrValue::Value(0)

}

#[private] pub fn account_resolve(&mut self, sender_id: AccountId, amount: u128) { match env::promise_result(0) { PromiseResult::Successful(_) => { ext_ft_token::ft_transfer( self.current_leader.clone(), self.highest_bid, &FTTOKEN, 0, GAS_FOR_SINGLE_CALL * 2, ); self.current_leader = sender_id; self.highest_bid = amount; } PromiseResult::Failed => { ext_ft_token::ft_transfer( sender_id.clone(), amount, &FTTOKEN, 0, GAS_FOR_SINGLE_CALL * 2, ); log!("Return Back Now"); } PromiseResult::NotReady => unreachable!(), }; }

该合约存在的问题是,如果前一个出价最高者注销了账户,新的竞价者将无法成功更新状态。

解决方法是实现合理的错误处理,例如将无法退回的代币暂存,后续再由用户自行提取:

rust pub struct Contract { // ... pub lost_found: UnorderedMap<accountid, balance="">, }

pub fn account_resolve(&mut self, sender_id: AccountId, amount: u128) { match env::promise_result(0) { PromiseResult::Successful(_) => { // 正常退款逻辑 } PromiseResult::Failed => { // 将无法退回的代币暂存 let lost_amount = self.lost_found.get(&self.current_leader).unwrap_or(0); self.lost_found.insert(&self.current_leader, &(lost_amount + self.highest_bid));

        // 更新状态
        self.current_leader = sender_id;
        self.highest_bid = amount;
    }
    PromiseResult::NotReady => unreachable!(),
}

}

pub fn withdraw_lost_found(&mut self) { let account = env::predecessor_account_id(); let amount = self.lost_found.get(&account).unwrap_or(0); if amount > 0 { self.lost_found.insert(&account, &0); ext_ft_token::ft_transfer(account, amount, &FTTOKEN, 0, GAS_FOR_SINGLE_CALL); } }

3. 避免单点故障

合约所有者私钥丢失会导致关键特权功能无法使用。解决方法是采用多签名机制:

rust pub struct Contract { pub owners: Vec, pub required_confirmations: u64, pub transactions: Vec, }

pub fn propose_transaction(&mut self, transaction: Transaction) { assert!(self.owners.contains(&env::predecessor_account_id()), "Not an owner"); self.transactions.push(transaction); }

pub fn confirm_transaction(&mut self, transaction_id: u64) { assert!(self.owners.contains(&env::predecessor_account_id()), "Not an owner");

let transaction = &mut self.transactions[transaction_id as usize];
transaction.confirmations += 1;

if transaction.confirmations >= self.required_confirmations {
    self.execute_transaction(transaction_id);
}

}

fn execute_transaction(&mut self, transaction_id: u64) { let transaction = self.transactions.remove(transaction_id as usize); // 执行交易逻辑 }

通过多签名机制,可以避免单个所有者私钥丢失导致的合约瘫痪,提高合约的去中心化程度和安全性。

</accountid,></accountid,balance></accountid,>

此页面可能包含第三方内容,仅供参考(非陈述/保证),不应被视为 Gate 认可其观点表述,也不得被视为财务或专业建议。详见声明
  • 赞赏
  • 5
  • 分享
评论
0/400
GasFee_Nightmarevip
· 18小时前
不愧是Gas大户
回复0
假装在读白皮书vip
· 18小时前
DoS都避免不了 还有啥安全可谈
回复0
HashRatePhilosophervip
· 18小时前
rust大军来啦,对手颤抖吧
回复0
测试网薅毛狂人vip
· 18小时前
防dos你搁这套理论呢
回复0
MEV迷踪侠vip
· 18小时前
Gas费爆表我麻了
回复0
网站地图
交易,随时随地
qrCode
扫码下载 Gate APP
社群列表
简体中文
  • 简体中文
  • English
  • Tiếng Việt
  • 繁體中文
  • Español
  • Русский
  • Français (Afrique)
  • Português (Portugal)
  • Bahasa Indonesia
  • 日本語
  • بالعربية
  • Українська
  • Português (Brasil)
    • 关于我们职业机会新闻中心合作伙伴用户协议风险警示隐私政策Cookie政策媒体工具包100%储备金牌照安全方案GateToken (GT)Gate ChainGate 事件执法请求线下峰会Gate Ventures
    买币卖币现货交易合约交易杠杆交易杠杆ETFNFTGate PayGate Life礼品卡Gate OTCGate CharityGate商城
    VIP权益机构服务建议反馈公告列表费率标准帮助中心提交工单上币申请智能合约安全开发者中心官方验证渠道C2C商家招募C2C蓝V申请代理计划币圈日历跨链方案
    学院加密货币课程加密货币行话加密货币行情大数据比特币减半加密货币百科
    Gate © 2013-2025.