picture and text course: unlimited use of bec currency and vulnerability analysis (multi picture early warning)

Posted by punzalan at 2020-02-27

Not long ago, everyone must have known about the BEC loophole. Through this loophole, hackers have brushed two waves of astronomical and digital BEC coins for themselves, and many people must be drooling. Although bear can't teach you how to make a profit in the real world, it's OK to make a profit in the virtual environment. By the way, you can learn the deployment of blockchain and smart contract. Maybe you can use them later, and then you can go to the top of your life.

Now we will start to build a test network and print a batch of BEC coins for ourselves.

(1) Environment construction

Installation of geth client and command line is mainly used to run Ethereum node, manage account, mine and deploy smart contract.

Specific environment: win10 64 bit, geth 1.8.6 (64 bit)

Download address:

(2) Ethereum, contract deployment

1. Prepare the genesis block file genesis.json as follows:




"difficulty": "0x4000", 

"alloc": {}, 


"timestamp": "0x00", 


"extraData": "0x", 


"config": {} 


The function of relevant parameters can be understood by Baidu itself, where difficultly represents the difficulty of mining.

2. Initializing the creation block

Open cmd.exe with administrator's permission. In the directory of geth.exe, enter

geth --datadir "%cd%\chain" init  genesis.json

Note that the path and the creation block file name should match.

3. Start blockchain node

Open cmd.exe with administrator permission. In the directory of geth.exe, enter:

geth --identity "MYeth" --rpc --rpccorsdomain "*" --datadir "%cd%\chain" --port "30303" --rpcapi "db,eth,net,web3,debug" --rpcaddr "" --rpcport "8545" --networkid 95518 console

The function of relevant parameters can be understood by Baidu.

See welcome to the geth JavaScript console!

With the last ">" symbol, it means that the startup is completed.

4. Create user, create user command is below (user password in parentheses)


You can see that I have created three users

For convenience, the three users are named Zhangsan, Lisi and Wangwu

5. When mining eth, the difficulty parameter setting is relatively low when creating the block file, so an eth will be dug soon (if you can print money in this way in reality...)

Mining instructions are as follows (the CPU involved in mining is shown in parentheses. If not specified, all CPU resources will be used, which may affect the operation)

> miner.start(1)

After digging for a period of time, we need the following instructions to stop mining, or we will continue to dig

> miner.stop() 

Query the ETH quantity instruction as follows. You can see that there is an eth on Zhangsan

> eth.getBalance(zhangsan) 

(3) Unlimited printing

1. Copy the source code of BEC smart contract, compile with online Remix tool, click "start to compile", then select "bectoken" from the drop-down box, and click "detail".

After that, you can see that there are many yellow warnings in the bottom right of Remix interface, which will not affect the use unless there is a red error.

BEC smart contract address:

Online Remix tools:

2. Copy the code in web3depoly, paste it into geth console, and press enter.

3. An error will be prompted at this time. Because the master node has not unlocked the account, you need to unlock it by command, and then enter the password of Zhangsan to complete the unlocking.


4. Copy the code in web3depoly and paste it into geth console. Enter.

5. It can be seen that the contract has been submitted to the blockchain, but it has not yet been generated, so it is necessary to dig the mine so as to successfully deploy. Then, type "bectoken." (followed by a dot) and press tab on the keyboard to see that you can use the functions in bectoken.

6. Overflow transfer

Here is a hole. I have been in a hole for a long time. I accidentally found another hole. However, it is not another hole in BEC contract, but it comes from console. Previously, I used this command to transfer money: (the green long string number is the specific value of 2 ^ 255)


But I always failed, and because of the large number, I always wonder if I have made a mistake in copying. In order not to get tangled up, I tried:


It is still a failure. The account numbers of Li Si and Wang Wu are still 0.

In that case, use Remix single step debugging to see what's going on.

Note here that Remix needs to be connected to the local environment before debugging.

After the debugging environment is configured, return to console and enter the transaction instruction:

> bectoken.batchTransfer([lisi,wangwu],Math.pow(2,255),{from:zhangsan})

The authentication error is prompted, so unlock Zhang San's account, and then enter the transaction instruction again, you can see the hash value of this transaction.

Of course, you can see that this transaction is only in submission status. Through the eth.gettransaction instruction, you can see that there is no blocknumber. Therefore, you need to dig miner.start (1) to record it to the blockchain for debugging.

The debugging interface is as follows. The main functions on the right are

7 main debugging commands -- such as commonly used steps, steps, etc

Solid locales - local parameters

Step detail -- execution details

Stack - stack

Debugging found that this code could not be successfully bypassed all the time:

require(_value > 0 && balances[msg.sender] >= amount);   

Because the value passed in is not 2 ^ 255, but 0x800000000000016c889

Therefore, the amount will not be 0, and there are not so many BEC coins in Zhangsan's account, so it cannot be bypassed.

Try another way. In the source code, set the value of ﹐ value to 2 ^ 255, so that you can bypass and transfer successfully. At least, it proves that bypassing is feasible.

In this case, I doubt that there is a problem when console transmits ﹐ value. So what's the problem? I found a lot of data on Baidu that can't be solved. Finally, I tried to post on GitHub to consult geth team. I received the reply from this little brother soon after posting. Thank you! It turns out to be an overflow.

The console is based on JavaScript, and JavaScript uses float-s to represent numbers. If you directly pass a value of 2 ^ 255, there will be an overflow. The direct result is that the value will change.

The solution is to use JavaScript's large number library to represent large numbers, so that arbitrary precision integers can be used.

A word awakens the dreamer, and then how can I express this idea? Finally, it is realized as follows:

2 ^ 255 is represented by web3.tobignumber, and a wave of astronomical BEC coins has been successfully applied to the accounts of Li Si and Wang Wu.

var value = web3.toBigNumber('57896044618658097711785492504343953926634992332820282019728792003956564819968');

In addition, you may wonder why there is a BEC in Zhangsan's account. Read the BEC contract carefully, and you will find that the contract stipulates that the creator will hold some initial tokens after the contract comes into effect, which is basically available in every contract, because this is the basic profit-making method, so it's not surprising.

(4) Role of security code

The above has successfully brushed a wave of BEC coins, and it can be seen in the news that after the loopholes burst, the BEC coins fell sharply, causing such great harm, so how to solve the problem of integer overflow?

In fact, BEC contract itself has answered this question. In addition to the line code of vulnerability, you will find that other operations use the function in safemath library to do the effect.

Change the source code of BEC contract, change the * in the vulnerability line code to the mul function in the library, and then repeat the above process.

At this time, the detection cannot be bypassed, and the transfer fails.

Analyze the mul function and substitute the specific value:

Suppose: a = 2, B = 2 ^ 255

Then: C = a * b = 0

But: C / a = 0! = b

So it can't bypass the safe operation function.

There are many contents involved, but there are still many endless points.

If you do not understand, welcome to pay attention to the official account and exchange. The big bear will reply as soon as possible. Thank you.