EFEVD: Enhanced Feature Extraction for Smart Contract Vulnerability Detection
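Suppose the attacker has 1 Ether deposited in the Dao contract.
The attacker calls the withdraw function to withdraw 1 Ether;
When execution of the function has passed the require and has not yet reached the balances update,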
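contract Dao {
    // Per-account Ether balances held by the contract.
    mapping(address => uint256) public balances;

    function withdraw() public {
        require(balances[msg.sender] >= 1 ether, "Insufficient funds.");
        uint256 bal = balances[msg.sender];
        // Use call to try to send bal Ether to msg.sender; call returns a
        // boolean, sent, indicating whether the transfer succeeded.
        // Require sent to be true; otherwise revert with the error message
        // "Failed to withdraw.".
        (bool sent, ) = msg.sender.call{value: bal}("");
        require(sent, "Failed to withdraw.");
        // The balance is cleared only after the external call has returned.
        balances[msg.sender] = 0;
    }
}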
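The window between the require check and the balances update in withdraw can be closed by reordering the function and adding a lock. The following is an added example, not code from the original page: the contract name DaoHardened, the deposit function, the locked flag and the nonReentrant modifier are assumptions introduced for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical name): hardened variant of the Dao contract.
contract DaoHardened {
    mapping(address => uint256) public balances;

    // Guard flag: true while a guarded function is executing.
    bool private locked;

    // Rejects any call that arrives while a guarded function is still running,
    // including a call made from the recipient's fallback during the transfer.
    modifier nonReentrant() {
        require(!locked, "Reentrant call.");
        locked = true;
        _;
        locked = false;
    }

    // Assumed helper so the example is self-contained: credit the sender.
    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() public nonReentrant {
        // Checks: read the balance once and validate it.
        uint256 bal = balances[msg.sender];
        require(bal >= 1 ether, "Insufficient funds.");

        // Effects: clear the balance before any external call, so the
        // require above fails if withdraw is entered again for this account.
        balances[msg.sender] = 0;

        // Interactions: the external call comes last. If it fails, the
        // revert also restores the balance that was cleared above.
        (bool sent, ) = msg.sender.call{value: bal}("");
        require(sent, "Failed to withdraw.");
    }
}
```

Either measure alone removes the window in this function; the guard additionally covers other state-changing functions that are marked nonReentrant.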