
近日據(jù)慢霧區(qū)情報顯示,針對門羅幣(XMR)轉(zhuǎn)賬定攻擊在多個交易所出現(xiàn),慢霧安全團隊在收到情報第一時間進行分析跟進,本著負責(zé)任披露的原則我們第一時間在慢霧區(qū)進行了預(yù)警并為我們所服務(wù)的客戶進行了及時的情報同步以及協(xié)助檢測和修復(fù)。

Attack steps

0x01: Log in to the wallet with monero-wallet-cli by entering the password.

0x02: Send a locked transaction via the command.

0x03: The transfer completes. The exchange performs no check for locked transactions (locked_transfer) and receives coins that can only be unlocked once a set block height is reached (in effect, coins locked for a specified period).

0x04: The malicious user immediately withdraws and walks away, leaving the exchange baffled.

Impact

First, this attack does not cause the exchange any direct loss of funds, but it does lock up the exchange's XMR liquidity.

Extreme example: if every Monero deposit the exchange receives is locked for a year or longer, then for a year users who come to withdraw will find no coins available (the exchange can only buy additional coins to pay out withdrawals).

關(guān)于 locked_transfer 命令

monero-wallet-cli 關(guān)于 locked_transfer 命令解釋如下:

locked_transfer [index=《N1》[,《N2》,。..]] [《priority》] [《ring_size》] (《URI》 | 《addr》 《amount》) 《lockblocks》 [《payment_id (obsolete)》]

轉(zhuǎn)賬命令:

locked_transfer FromAddress ToAddress 0.0101 20000

FromAddress:發(fā)送地址(一般為攻擊者錢包地址)

ToAddress:接收地址(一般為交易所錢包地址)

0.0101:為轉(zhuǎn)賬金額

20000:為鎖定區(qū)塊數(shù)

How to defend

Exchanges generally parse XMR transactions through the get_transfers RPC interface to detect whether a deposit has arrived. When parsing, it is enough to check whether the unlock_time field is greater than 0 to detect this attack effectively.

Note: unlock_time is an int. If it is greater than 0, the transaction carries a block lock and can be treated as malicious and refused as a deposit. To avoid harming "users" by refusing deposits outright, an alternative treatment is possible: check whether the lock block height has been reached and, if it has not, do not credit the deposit yet.

All affected RPC interfaces

(1) get_transfers

(2) get_bulk_payments

(3) show_transfer

(4) get_payments

Likewise, anywhere else these four interfaces are used, the unlock_time field must also be checked for a value greater than 0; if it is greater than 0, do not credit the deposit.
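The deposit check described above, as an added example in Python (not SlowMist's code). It applies both rules the article gives, refuse any unlock_time > 0 or hold until the lock height is reached, to the `in` list of get_transfers and the `payments` list of get_payments / get_bulk_payments; the sample response is constructed, and the height-versus-timestamp threshold is an assumption taken from Monero's unlock_time convention rather than from the article.

```python
import json

# Assumed Monero convention (not stated in the article): unlock_time values at or
# above this constant are Unix timestamps, values below it are block heights.
MAX_BLOCK_NUMBER = 500_000_000


def is_locked(unlock_time: int, current_height: int, now: int) -> bool:
    """True while an output with this unlock_time is still time-locked."""
    if unlock_time <= 0:
        return False
    if unlock_time < MAX_BLOCK_NUMBER:
        return current_height < unlock_time   # lock expressed as a block height
    return now < unlock_time                  # lock expressed as a Unix timestamp


def deposits_from_response(resp: dict) -> list:
    """Incoming entries from a get_transfers ('in') or get_payments /
    get_bulk_payments ('payments') JSON-RPC response; both carry unlock_time."""
    result = resp.get("result", {})
    return list(result.get("in", [])) + list(result.get("payments", []))


def classify(entries: list, current_height: int, now: int, strict: bool = True):
    """Split deposits into (credit, hold).
    strict=True : refuse any entry with unlock_time > 0 (the article's first rule).
    strict=False: hold the entry only until its lock height/time has been reached."""
    credit, hold = [], []
    for entry in entries:
        unlock_time = int(entry.get("unlock_time", 0))
        if unlock_time > 0 and (strict or is_locked(unlock_time, current_height, now)):
            hold.append(entry)
        else:
            credit.append(entry)
    return credit, hold


# Constructed sample response: one ordinary deposit and one whose lock height was
# set 20000 blocks above the height at which it was mined (153624 + 20000 = 173624).
SAMPLE_RESPONSE = json.loads("""{"id":"0","jsonrpc":"2.0","result":{"in":[
  {"txid":"constructed-txid-1","amount":200000000000,"height":153624,
   "type":"in","unlock_time":0},
  {"txid":"constructed-txid-2","amount":200000000000,"height":153624,
   "type":"in","unlock_time":173624}]}}""")

if __name__ == "__main__":
    ok, held = classify(deposits_from_response(SAMPLE_RESPONSE),
                        current_height=153630, now=1535918400)
    print("credit:", [e["txid"] for e in ok], "hold:", [e["txid"] for e in held])
```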

This issue had previously been submitted for a bug bounty on HackerOne by a white hat; Monero's official reply was:

Appendix: the following is an excerpt from the official documentation

get_transfers

Returns a list of transfers.

Alias: None.

Inputs:

· in - boolean; (Optional) Include incoming transfers.
· out - boolean; (Optional) Include outgoing transfers.
· pending - boolean; (Optional) Include pending transfers.
· failed - boolean; (Optional) Include failed transfers.
· pool - boolean; (Optional) Include transfers from the daemon's transaction pool.
· filter_by_height - boolean; (Optional) Filter transfers by block height.
· min_height - unsigned int; (Optional) Minimum block height to scan for transfers, if filtering by height is enabled.
· max_height - unsigned int; (Optional) Maximum block height to scan for transfers, if filtering by height is enabled (defaults to max block height).
· account_index - unsigned int; (Optional) Index of the account to query for transfers. (defaults to 0)
· subaddr_indices - array of unsigned int; (Optional) List of subaddress indices to query for transfers. (Defaults to empty - all indices)

Outputs:

· in - array of transfers:
  · address - string; Public address of the transfer.
  · amount - unsigned int; Amount transferred.
  · confirmations - unsigned int; Number of blocks mined since the block containing this transaction (or block height at which the transaction should be added to a block if not yet confirmed).
  · double_spend_seen - boolean; True if the key image(s) for the transfer have been seen before.
  · fee - unsigned int; Transaction fee for this transfer.
  · height - unsigned int; Height of the first block that confirmed this transfer (0 if not mined yet).
  · note - string; Note about this transfer.
  · payment_id - string; Payment ID for this transfer.
  · subaddr_index - JSON object containing the major & minor subaddress index:
    · major - unsigned int; Account index for the subaddress.
    · minor - unsigned int; Index of the subaddress under the account.
  · suggested_confirmations_threshold - unsigned int; Estimation of the confirmations needed for the transaction to be included in a block.
  · timestamp - unsigned int; POSIX timestamp for when this transfer was first confirmed in a block (or timestamp of submission if not mined yet).
  · txid - string; Transaction ID for this transfer.
  · type - string; Transfer type: "in"
  · unlock_time - unsigned int; Number of blocks until transfer is safely spendable.
· out - array of transfers (see above).
· pending - array of transfers (see above).
· failed - array of transfers (see above).
· pool - array of transfers (see above).

Example:

$ curl -X POST http://127.0.0.1:18082/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_transfers","params":{"in":true,"account_index":1}}' -H 'Content-Type: application/json'

{
  "id": "0",
  "jsonrpc": "2.0",
  "result": {
    "in": [{
      "address": "77Vx9cs1VPicFndSVgYUvTdLCJEZw9h81hXLMYsjBCXSJfUehLa9TDW3Ffh45SQa7xb6dUs18mpNxfUhQGqfwXPSMrvKhVp",
      "amount": 200000000000,
      "confirmations": 1,
      "double_spend_seen": false,
      "fee": 21650200000,
      "height": 153624,
      "note": "",
      "payment_id": "0000000000000000",
      "subaddr_index": {
        "major": 1,
        "minor": 0
      },
      "suggested_confirmations_threshold": 1,
      "timestamp": 1535918400,
      "txid": "c36258a276018c3a4bc1f195a7fb530f50cd63a4fa765fb7c6f7f49fc051762a",
      "type": "in",
      "unlock_time": 0
    }]
  }
}

get_payments

Get a list of incoming payments using a given payment id.

Alias: None.

Inputs:

· payment_id - string; Payment ID used to find the payments (16 characters hex).

Outputs:

· payments - list of:
  · payment_id - string; Payment ID matching the input parameter.
  · tx_hash - string; Transaction hash used as the transaction ID.
  · amount - unsigned int; Amount for this payment.
  · block_height - unsigned int; Height of the block that first confirmed this payment.
  · unlock_time - unsigned int; Time (in block height) until this payment is safe to spend.
  · subaddr_index - subaddress index:
    · major - unsigned int; Account index for the subaddress.
    · minor - unsigned int; Index of the subaddress in the account.
  · address - string; Address receiving the payment; Base58 representation of the public keys.

Example:

$ curl -X POST http://127.0.0.1:18082/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_payments","params":{"payment_id":"60900e5603bf96e3"}}' -H 'Content-Type: application/json'

{
  "id": "0",
  "jsonrpc": "2.0",
  "result": {
    "payments": [{
      "address": "55LTR8KniP4LQGJSPtbYDacR7dz8RBFnsfAKMaMuwUNYX6aQbBcovzDPyrQF9KXF9tVU6Xk3K8no1BywnJX6GvZX8yJsXvt",
      "amount": 1000000000000,
      "block_height": 127606,
      "payment_id": "60900e5603bf96e3",
      "subaddr_index": {
        "major": 0,
        "minor": 0
      },
      "tx_hash": "3292e83ad28fc1cc7bc26dbd38862308f4588680fbf93eae3e803cddd1bd614f",
      "unlock_time": 0
    }]
  }
}

get_bulk_payments

Get a list of incoming payments using a given payment id, or a list of payment ids, from a given height. This method is the preferred method over get_payments because it has the same functionality but is more extendable. Either is fine for looking up transactions by a single payment ID.

Alias: None.

Inputs:

· payment_ids - array of: string; Payment IDs used to find the payments (16 characters hex).
· min_block_height - unsigned int; The block height at which to start looking for payments.

Outputs:

· payments - list of:
  · payment_id - string; Payment ID matching one of the input IDs.
  · tx_hash - string; Transaction hash used as the transaction ID.
  · amount - unsigned int; Amount for this payment.
  · block_height - unsigned int; Height of the block that first confirmed this payment.
  · unlock_time - unsigned int; Time (in block height) until this payment is safe to spend.
  · subaddr_index - subaddress index:
    · major - unsigned int; Account index for the subaddress.
    · minor - unsigned int; Index of the subaddress in the account.
  · address - string; Address receiving the payment; Base58 representation of the public keys.

Example:

$ curl -X POST http://127.0.0.1:18082/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_bulk_payments","params":{"payment_ids":["60900e5603bf96e3"],"min_block_height":"120000"}}' -H 'Content-Type: application/json'

{
  "id": "0",
  "jsonrpc": "2.0",
  "result": {
    "payments": [{
      "address": "55LTR8KniP4LQGJSPtbYDacR7dz8RBFnsfAKMaMuwUNYX6aQbBcovzDPyrQF9KXF9tVU6Xk3K8no1BywnJX6GvZX8yJsXvt",
      "amount": 1000000000000,
      "block_height": 127606,
      "payment_id": "60900e5603bf96e3",
      "subaddr_index": {
        "major": 0,
        "minor": 0
      },
      "tx_hash": "3292e83ad28fc1cc7bc26dbd38862308f4588680fbf93eae3e803cddd1bd614f",
      "unlock_time": 0
    }]
  }
}

get_transfer_by_txid

Show information about a transfer to/from this address.

Alias: None.

Inputs:

· txid - string; Transaction ID used to find the transfer.
· account_index - unsigned int; (Optional) Index of the account to query for the transfer.

Outputs:

· transfer - JSON object containing payment information:
  · address - string; Address that transferred the funds. Base58 representation of the public keys.
  · amount - unsigned int; Amount of this transfer.
  · confirmations - unsigned int; Number of blocks mined since the block containing this transaction (or block height at which the transaction should be added to a block if not yet confirmed).
  · destinations - array of JSON objects containing transfer destinations:
    · amount - unsigned int; Amount transferred to this destination.
    · address - string; Address for this destination. Base58 representation of the public keys.
  · double_spend_seen - boolean; True if the key image(s) for the transfer have been seen before.
  · fee - unsigned int; Transaction fee for this transfer.
  · height - unsigned int; Height of the first block that confirmed this transfer.
  · note - string; Note about this transfer.
  · payment_id - string; Payment ID for this transfer.
  · subaddr_index - JSON object containing the major & minor subaddress index:
    · major - unsigned int; Account index for the subaddress.
    · minor - unsigned int; Index of the subaddress under the account.
  · suggested_confirmations_threshold - unsigned int; Estimation of the confirmations needed for the transaction to be included in a block.
  · timestamp - unsigned int; POSIX timestamp for the block that confirmed this transfer (or timestamp of submission if not mined yet).
  · txid - string; Transaction ID of this transfer (same as input TXID).
  · type - string; Type of transfer, one of the following: "in", "out", "pending", "failed", "pool"
  · unlock_time - unsigned int; Number of blocks until transfer is safely spendable.

Example:

$ curl -X POST http://localhost:18082/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_transfer_by_txid","params":{"txid":"c36258a276018c3a4bc1f195a7fb530f50cd63a4fa765fb7c6f7f49fc051762a"}}' -H 'Content-Type: application/json'

{
  "id": "0",
  "jsonrpc": "2.0",
  "result": {
    "transfer": {
      "address": "55LTR8KniP4LQGJSPtbYDacR7dz8RBFnsfAKMaMuwUNYX6aQbBcovzDPyrQF9KXF9tVU6Xk3K8no1BywnJX6GvZX8yJsXvt",
      "amount": 300000000000,
      "confirmations": 1,
      "destinations": [{
        "address": "7BnERTpvL5MbCLtj5n9No7J5oE5hHiB3tVCK5cjSvCsYWD2WRJLFuWeKTLiXo5QJqt2ZwUaLy2Vh1Ad51K7FNgqcHgjW85o",
        "amount": 100000000000
      },{
        "address": "77Vx9cs1VPicFndSVgYUvTdLCJEZw9h81hXLMYsjBCXSJfUehLa9TDW3Ffh45SQa7xb6dUs18mpNxfUhQGqfwXPSMrvKhVp",
        "amount": 200000000000
      }],
      "double_spend_seen": false,
      "fee": 21650200000,
      "height": 153624,
      "note": "",
      "payment_id": "0000000000000000",
      "subaddr_index": {
        "major": 0,
        "minor": 0
      },
      "suggested_confirmations_threshold": 1,
      "timestamp": 1535918400,
      "txid": "c36258a276018c3a4bc1f195a7fb530f50cd63a4fa765fb7c6f7f49fc051762a",
      "type": "out",
      "unlock_time": 0
    }
  }
}
