Oracle预言机充当智能合约与外部世界之间的桥梁,它们可以从外部获取数据,并将这些数据传递给智能合约。
智能合约在接收到来自预言机的数据后,可以根据这些数据执行相应的逻辑。
contract ContractTest is Test {
AggregatorV3Interface internal priceFeed;
/// @notice Forks mainnet at a fixed block and binds the price feed used by the tests.
function setUp() public {
    // Fork block is pinned so both tests read the same feed state.
    uint256 forkBlock = 17568400;
    vm.createSelectFork("mainnet", forkBlock);

    address ethUsdFeed = 0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419; // ETH/USD
    priceFeed = AggregatorV3Interface(ethUsdFeed);
}
/// @notice Reads the feed and logs the answer without looking at any round metadata.
function testUnSafePrice() public {
    // No follow-up validation: roundId, updatedAt and answeredInRound are all
    // discarded, so whatever the feed returns is used as-is.
    int256 answer;
    (, answer, , , ) = priceFeed.latestRoundData();
    emit log_named_decimal_int("price", answer, 8);
}
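/// @notice Reads the feed and validates the round before logging the price.
/// @dev Reverts when the answer was carried over from an earlier round, the round
///      is incomplete, the price is older than the allowed age, or the answer is
///      not strictly positive.
function testSafePrice() public {
    (
        uint80 roundId,
        int256 answer,
        ,
        uint256 updatedAt,
        uint80 answeredInRound
    ) = priceFeed.latestRoundData();

    // Illustrative bound, not read from the feed: set it to the feed's published
    // heartbeat plus a margin. NOTE(review): confirm the value for this ETH/USD feed.
    uint256 maxPriceAge = 90 minutes;

    /*
    Mitigation:
    answeredInRound: The round ID in which the answer was computed
    updatedAt: Timestamp of when the round was updated
    answer: The answer for this round
    */
    // Chainlink's documentation lists answeredInRound as deprecated, so this
    // comparison must not be the only staleness guard.
    require(answeredInRound >= roundId, "answer is stale");
    require(updatedAt > 0, "round is incomplete");
    // updatedAt > 0 only proves the round finished; it puts no limit on how old
    // the price is. Bound the age explicitly (and reject future timestamps).
    require(
        updatedAt <= block.timestamp && block.timestamp - updatedAt <= maxPriceAge,
        "price is too old"
    );
    require(answer > 0, "Invalid feed answer");
    emit log_named_decimal_int("price", answer, 8);
}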
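/// @notice Minimal price-feed interface: only the latest-round getter used by the tests.
interface AggregatorV3Interface {
    /// @notice Returns the data of the most recent round.
    /// @return roundId Identifier of the round the data belongs to.
    /// @return answer The answer for this round (the price).
    /// @return startedAt Presumably the timestamp at which the round started; unused by the tests.
    /// @return updatedAt Timestamp of when the round was updated.
    /// @return answeredInRound The round ID in which the answer was computed.
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}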
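/// @notice Fork test contrasting an unvalidated and a validated read of a price feed.
contract ContractTest is Test {
    AggregatorV3Interface internal priceFeed;

    // Illustrative bound, not read from the feed: set it to the feed's published
    // heartbeat plus a margin. NOTE(review): confirm the value for this ETH/USD feed.
    uint256 internal constant MAX_PRICE_AGE = 90 minutes;

    /// @notice Forks mainnet at a fixed block and binds the price feed under test.
    function setUp() public {
        vm.createSelectFork("mainnet", 17568400);
        priceFeed = AggregatorV3Interface(
            0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419
        ); // ETH/USD
    }

    /// @notice Reads the feed and logs the answer without any validation.
    function testUnSafePrice() public {
        // Chainlink oracle data feed is not sufficiently validated and can return stale price.
        (, int256 answer, , , ) = priceFeed.latestRoundData();
        emit log_named_decimal_int("price", answer, 8);
    }

    /// @notice Reads the feed and validates the round before logging the price.
    /// @dev Reverts when the answer was carried over from an earlier round, the
    ///      round is incomplete, the price is older than MAX_PRICE_AGE, or the
    ///      answer is not strictly positive.
    function testSafePrice() public {
        (
            uint80 roundId,
            int256 answer,
            ,
            uint256 updatedAt,
            uint80 answeredInRound
        ) = priceFeed.latestRoundData();
        /*
        Mitigation:
        answeredInRound: The round ID in which the answer was computed
        updatedAt: Timestamp of when the round was updated
        answer: The answer for this round
        */
        // Chainlink's documentation lists answeredInRound as deprecated, so this
        // comparison must not be the only staleness guard.
        require(answeredInRound >= roundId, "answer is stale");
        require(updatedAt > 0, "round is incomplete");
        // updatedAt > 0 only proves the round finished; it puts no limit on how
        // old the price is. Bound the age explicitly (and reject future timestamps).
        require(
            updatedAt <= block.timestamp &&
                block.timestamp - updatedAt <= MAX_PRICE_AGE,
            "price is too old"
        );
        require(answer > 0, "Invalid feed answer");
        emit log_named_decimal_int("price", answer, 8);
    }

    /// @notice Lets the test contract accept plain ETH transfers.
    receive() external payable {}
}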
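answer:答案,也就是我们要的值
updatedAt:答案最后更新的时间戳。注意:updatedAt > 0 只能说明该轮已经完成,并不能限制价格的新旧;要真正拒绝过时的价格,还需要将 block.timestamp - updatedAt 与该喂价的心跳间隔(加上一定余量)进行比较。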
// The answer must have been computed in the current round or later; an older
// answeredInRound means the value was carried over from a previous round.
require(answeredInRound >= roundId, "answer is stale");
// A zero timestamp is treated as a round that has not completed.
// NOTE(review): none of these three checks compares updatedAt with
// block.timestamp, so they place no upper bound on the age of the price.
require(updatedAt > 0, "round is incomplete");
// Zero or negative answers are rejected as invalid feed output.
require(answer > 0, "Invalid feed answer");
原文始发于微信公众号(Ice ThirdSpace):DeFiVulnLabs靶场全系列详解(三十四)预言机产生了过时的价格