BEC and SMT’s Smart Contract Security Loopholes Analysis — By Yee Blockchain Team
Recently, the exposure of BEC and SMT’s smart contract security loopholes has panicked a lot of blockchain practitioners.
Let’s have a look at the “crime scene” first.
Upon the exposure, Yee team checked BEC and SMT’s smart contract code immediately, and found out that BEC’s smart contract security loophole is due to the data overflow of BatchTransfer loophole, and SMT’s smart contract security loophole is caused because there is no protection for large numbers in the proxy transfer logic, resulting in the overflow of large numbers.
The root cause of these two problems is that library SafeMath is not used, and ordinary addition, subtraction, multiplication and division are used.
For example, in the BEC loophole, this multiplication does not use library SafeMath. Instead, it uses “*”, which causes data overflow.
By the same token, the error code of SMT’s smart contract does not use the official library SafeMath, but uses the ordinary “+” instead, which leads to large numbers lacking protections in the proxy transfer logic, resulting in the overflow of large numbers.
The correct way is to use the library SafeMath function as our code does to complete the smart contract code, which can ensure the security and stability of the smart contract code.
Currently, many of the exposed loopholes are due to the direct use of ordinary addition, subtraction, multiplication, and division, and lack of overflow judgment, which poses the data overflow risk. However, the use of library SafeMath can completely solve the problem of data overflow. Hence, the solution is simple: look through the smart contract code, and replace “+” “-” “*” “/” with library SafeMath. This can completely solve the problem of data overflow.
Here, Yee also hopes that all blockchain practitioners could pay more attention to the technical level while attending meetings and enhancing media exposure. Only safe technologies can guarantee the normal operation of blockchain products and enable more people to Enjoy the various services brought by the blockchain.
Yee application YeeCall itself faces enormous technical challenges. We have built a global communications network with 5 data centers and more than 400 relay nodes, and this network is once called by AWS and Telstra as the “Last Mile” of the global communications network. In order to solve the complex environment and ultra multi-terminal support problems in mobile-end communications, our technical team keep coding days and nights and managed to develop a communication protocol that completely possesses independent intellectual property rights, and we also creatively used artificial intelligence to solve the noise elimination problem. All of these are serving the same goal: to make YeeCall users have a better user experience and communicate more closely with family and friends.
We love technology and embrace the blockchain. We also welcome talents in Java, server, Android, iOS, and blockchain technology fields to join the Yee team and create a better future for the blockchain. If you’re interested in joining us, please contact us at: firstname.lastname@example.org
Follow us on Twitter to get the latest updates: https://twitter.com/YeeToken
Join Yee official group in YeeCall to get free YEE giveaway http://doodle.yeecall.com/shares/invite?id=5ac4d19ae4b03a80d851c2be
Check out more details about Yee project, YeeCall, and YEE token at our website and other channels:
Our website: www.yeefoundation.com