{"content":{"title":"ORT事件 漏洞分析","body":"# 1.\t漏洞简介\r\nhttps://twitter.com/BeosinAlert/status/1615197760546037760\r\n\r\n![1.png](https://img.learnblockchain.cn/attachments/2023/01/l7kvWMKz63c65b68c27ef.png)\r\n# 2.\t相关地址或交易\r\n攻击交易1：\r\nhttps://phalcon.blocksec.com/tx/bsc/0xfe2cacc8e2f91fdee534c577c68ad53cbdf353cb592d16b120f9dcf54f31b1a3\r\n攻击交易2：\r\nhttps://phalcon.blocksec.com/tx/bsc/0xa0893ac9a8e1eb7cc55530fb0b216c4d7091eb4ee7f7de40e4a6355146190053\r\n攻击合约：0xdd87d807774c8aa9d70fc6af5912c97fadbf531b\r\n攻击账号：0x9bbd94506398a1459f0cd3b2638512627390255e\r\n被攻击合约：ORT  0x6f40a3d0c89cffdc8a1af212a019c220a295e9bb\r\n \r\n0x26bc1245b8476086e85553e60ee5e3e59fed9be0\r\n# 3.\t获利分析\r\n\r\n![2.png](https://img.learnblockchain.cn/attachments/2023/01/BjLptFlo63c65b918ccf1.png)\r\n# 4.\t攻击过程&漏洞原因\r\n查看攻击交易过程，可分为两个步骤：\r\n1)\t步骤1 ：Invest\r\n攻击者调用合约0x6f40a3d0c89cffdc8a1af212a019c220a295e9bb的invest方法，参数end_date不为3、6、12、24即可：\r\n\r\n![3.png](https://img.learnblockchain.cn/attachments/2023/01/lwzBMEu063c65babd7987.png)\r\n查看合约代码可知，当end_date不为3、6、12、24时，duration[msg.sender] 的值为默认值，即为0；\r\n在函数_Check_reward中，参数durations为0时，系统将直接返回total_percent ，绕过了系统逻辑：\r\n\r\n![4.png](https://img.learnblockchain.cn/attachments/2023/01/ziUr7MVF63c65bb9bd658.png)\r\n系统将攻击者账号的奖励数量 check_reward存入数组tokens_staking中：\r\n\r\n![5.png](https://img.learnblockchain.cn/attachments/2023/01/y5ZaBzm463c65bd59a35a.png)\r\n2)\t步骤2：withdrawAndClaim\r\n攻击者调用合约的withdrawAndClaim函数取回收益，ORT合约将mint与total_percent数量相同的代币给攻击者。\r\n\r\n![6.png](https://img.learnblockchain.cn/attachments/2023/01/p7I9FmSG63c65be4730a7.png)"},"author":{"user":"https://learnblockchain.cn/people/10579","address":null},"history":null,"timestamp":1673944081,"version":1}