ERC20批量转账空投智能合约兼容问题

区块链系列许久没有更新了 , 这里更新一篇关于 ERC20 智能合约批量转账(空投)的文章 .

在以太坊开发中 , 免不了会有批量转账(空投)的需求 . 因为 nonce 机制的问题 , 转账的形式明显不智 , 此时我们需要通过智能合约实现 . 通常空投合约我们是在网上找一份 , 然后 Tether USDT 首当其冲成为我们的测试 Token .

在两者合约部署后 , 测试时很可能发现无法空投成功 , 得到 Gas estimation failed...gas required exceeds allowance... 的错误(当然有先 approve 成功) . 于是乎我们去空投合约各种定位问题 , 最终可能也很难发现问题 . 其实这里并不是空投合约自身产生了问题 , 而是一个 Token 合约兼容性的问题 . 接下来我们进入分析 .

过程分析

首先是先 copy 一份 Tether USDT 的合约源码进行部署 , 这里我们选择 Rinkeby 测试网络 , 过程略过 .

然后我们再部署空投合约 .

笔者最初是在以下空投合约基础上选择后进行了修改 , 然后部署 .

• multisender
• Token-BulkSender

两者均有演示网站 , 最后笔者选择了 multisender

multisender 合约有两个空投方法

• multisendEther(address[] _contributors, uint256[] _balances) 空投 ETH
• multisendToken(address token, address[] _contributors, uint256[] _balances) 空投 ERC20 Token

而在测试中发现 , 空投 Token 的方法无法成功 , 报 ``Gas estimation failed…gas required exceeds allowance… 出现这个错误的原因较大的可能是合约中require()` 断言条件 , 或者直接触发了其他失败的断言 .

function multisendToken(address token, address[] _contributors, uint256[] _balances) public hasFee payable {
    if (token == 0x000000000000000000000000000000000000bEEF){
        multisendEther(_contributors, _balances);
    } else {
        uint256 total = 0;
        require(_contributors.length <= arrayLimit());
        ERC20 erc20token = ERC20(token);
        uint8 i = 0;
        for (i; i < _contributors.length; i++) {
            erc20token.transferFrom(msg.sender, _contributors[i], _balances[i]);
            total += _balances[i];
        }
        setTxCount(msg.sender, txCount(msg.sender).add(1));
        emit Multisended(total, token);
    }
}

这里贴一下合约此函数的完整实现 , 测试中基本上显式断言都是满足的 , 这里就只可能是 erc20token.transferFrom(...) 触发了失败 .

经过一番定位发现 , 根本原因是 Tether USDT 未严格遵循 ERC20 标准 , transferFrom 方法未返回 bool 值 , 而 solidity 编译器在 0.4.22 版本之后对于这种情况会发生 revert.

而对于 0.4.22 之前的版本 , 当外部合约调用没有返回值的 transfer 和 transferFrom , 外部合约还是会在内存中查询函数的返回值 . 由于没有真正的返回值 , 外部调用合约返回值本应在内存中存储对应的位置查找 , 将查到的数据作为返回值 . 实际上 , 查询到的返回值并不是函数的返回值 , 通常是一个大于 0 的值 , 外部调用合约将其视为 true .

因为根据 EVM 的内存布局, 函数调用数据（call data）与函数返回数据（return data）是共同使用一块内存区域, 如果 transfer() 函数没有调用 RETURN 指令返回任何值, 那么如果调用者去用 RETURNDATACOPY 来取返回值的时候, 会将内存中的脏数据取回. 脏数据的值很大概率会为 非零值, 这在EVM里面代表 “true”. 但是这里请注意, 脏数据也很有可能是 零, 代表 “false”. 这就意味着: 即使token合约正常完成了转账, 但是却返回 “false”, 导致外部的 DAPP 误认为转账没有成功, 进而可能引发安全漏洞.

这里建议查看 数千份以太坊 Token 合约不兼容问题浮出水面, 严重影响 DAPP 生态 , 文章有详细的说明 .

解决方案

对于这种不兼容 , 我们该如何应对 ?

1. Token 方重新发布合约
2. DAPP 开发者需要同一个安全的调用代码来访问各种不兼容的 ERC20 Token 合约
3. 以太坊硬分叉升级

虽然我们认为第一种方案是能彻底解决这一部兼容性问题带来的安全风险 , 但是可行性不高 .第三种近期难以得到妥善解决 .

最终只能从方案二开始着手 , 我们需要采用下面的代码片段作为调用 transfer 或tranferFrom 等的中间层代码 :

library ERC20AsmTransfer {    
    function asmTransfer(address _erc20Addr, address _to, uint256 _value) internal returns (bool result) {
​
        // Must be a contract addr first!
        assembly {
            if iszero(extcodesize(_erc20Addr)) { revert(0, 0) }
        }
        
        // call return false when something wrong
        require(_erc20Addr.call(bytes4(keccak256("transfer(address,uint256)")), _to, _value));
        
        // handle returndata
        assembly {
            switch returndatasize()
            case 0 { // not a std erc20
                result := not(0)
            }
            case 32 { // std erc20
                returndatacopy(0, 0, 32)
                result := mload(0)
            }
            default { // anything else, should revert for safety
                revert(0, 0)
            }
        }
        return result;
    }
}

这段代码使用 call 方法手动直接调用 transfer()函数, 并使用内联 assembly code 手动获取 returndatasize() 进行判断. 如果为 0, 则表明被调用 ERC20 合约正常执行完毕, 但没有返回值, 即转账成功；如果为 32, 则表明ERC20合约符合标准, 直接进行 returndatacopy() 操作, 调用 mload() 拿到返回值进行判断即可；如果为其他值则 revert. 封装成函数替代 transfer 使用.

完整的中间层代码可以参考 SECBIT 实验室的仓库 badERC20Fix

另外这里附上修改后的 multisender 源码

pragma solidity ^0.4.24;

library ERC20AsmFn {

    function isContract(address addr) internal view {
        assembly {
            if iszero(extcodesize(addr)) { revert(0, 0) }
        }
    }

    function handleReturnData() internal pure returns (bool result) {
        assembly {
            switch returndatasize()
            case 0 { // not a std erc20
                result := 1
            }
            case 32 { // std erc20
                returndatacopy(0, 0, 32)
                result := mload(0)
            }
            default { // anything else, should revert for safety
                revert(0, 0)
            }
        }
    }

    function asmTransfer(address _erc20Addr, address _to, uint256 _value) internal returns (bool result) {

        // Must be a contract addr first!
        isContract(_erc20Addr);

        // call return false when something wrong
        require(_erc20Addr.call(bytes4(keccak256("transfer(address,uint256)")), _to, _value));

        // handle returndata
        return handleReturnData();
    }

    function asmTransferFrom(address _erc20Addr, address _from, address _to, uint256 _value) internal returns (bool result) {

        // Must be a contract addr first!
        isContract(_erc20Addr);

        // call return false when something wrong
        require(_erc20Addr.call(bytes4(keccak256("transferFrom(address,address,uint256)")), _from, _to, _value));

        // handle returndata
        return handleReturnData();
    }

    function asmApprove(address _erc20Addr, address _spender, uint256 _value) internal returns (bool result) {

        // Must be a contract addr first!
        isContract(_erc20Addr);

        // call return false when something wrong
        require(_erc20Addr.call(bytes4(keccak256("approve(address,uint256)")), _spender, _value));

        // handle returndata
        return handleReturnData();
    }
}


interface ERC20 {
     function balanceOf(address who) external view returns (uint256);
     function transfer(address _to, uint256 _value) external returns (bool success);
     function transferFrom(address _from, address _to, uint256 _value) external  returns (bool success);
     function approve(address _spender, uint256 _value) external returns (bool success);
}

contract TestERC20AsmTransfer {

    using ERC20AsmFn for ERC20;

    function dexTestTransfer(address _token, address _to, uint256 _value) public {
        require(ERC20(_token).asmTransfer(_to, _value));
    }

    function dexTestTransferFrom(address _token, address _from, address _to, uint256 _value) public {
        require(ERC20(_token).asmTransferFrom(_from, _to, _value));
    }

    function dexTestApprove(address _token, address _spender, uint256 _value) public {
        require(ERC20(_token).asmApprove(_spender, _value));
    }
}




// File: contracts/EternalStorage.sol

// Roman Storm Multi Sender
// To Use this Dapp: https://rstormsf.github.io/multisender
pragma solidity 0.4.24;


/**
 * @title EternalStorage
 * @dev This contract holds all the necessary state variables to carry out the storage of any contract.
 */
contract EternalStorage {

    mapping(bytes32 => uint256) internal uintStorage;
    mapping(bytes32 => string) internal stringStorage;
    mapping(bytes32 => address) internal addressStorage;
    mapping(bytes32 => bytes) internal bytesStorage;
    mapping(bytes32 => bool) internal boolStorage;
    mapping(bytes32 => int256) internal intStorage;

}

// File: contracts/UpgradeabilityOwnerStorage.sol

// Roman Storm Multi Sender
// To Use this Dapp: https://rstormsf.github.io/multisender
pragma solidity 0.4.24;


/**
 * @title UpgradeabilityOwnerStorage
 * @dev This contract keeps track of the upgradeability owner
 */
contract UpgradeabilityOwnerStorage {
    // Owner of the contract
    address private _upgradeabilityOwner;

    /**
    * @dev Tells the address of the owner
    * @return the address of the owner
    */
    function upgradeabilityOwner() public view returns (address) {
        return _upgradeabilityOwner;
    }

    /**
    * @dev Sets the address of the owner
    */
    function setUpgradeabilityOwner(address newUpgradeabilityOwner) internal {
        _upgradeabilityOwner = newUpgradeabilityOwner;
    }

}

// File: contracts/UpgradeabilityStorage.sol

// Roman Storm Multi Sender
// To Use this Dapp: https://rstormsf.github.io/multisender
pragma solidity 0.4.24;


/**
 * @title UpgradeabilityStorage
 * @dev This contract holds all the necessary state variables to support the upgrade functionality
 */
contract UpgradeabilityStorage {
    // Version name of the current implementation
    string internal _version;

    // Address of the current implementation
    address internal _implementation;

    /**
    * @dev Tells the version name of the current implementation
    * @return string representing the name of the current version
    */
    function version() public view returns (string) {
        return _version;
    }

    /**
    * @dev Tells the address of the current implementation
    * @return address of the current implementation
    */
    function implementation() public view returns (address) {
        return _implementation;
    }
}

// File: contracts/OwnedUpgradeabilityStorage.sol

// Roman Storm Multi Sender
// To Use this Dapp: https://rstormsf.github.io/multisender
pragma solidity >=0.4.24;





/**
 * @title OwnedUpgradeabilityStorage
 * @dev This is the storage necessary to perform upgradeable contracts.
 * This means, required state variables for upgradeability purpose and eternal storage per se.
 */
contract OwnedUpgradeabilityStorage is UpgradeabilityOwnerStorage, UpgradeabilityStorage, EternalStorage {}

// File: contracts/SafeMath.sol

// Roman Storm Multi Sender
// To Use this Dapp: https://rstormsf.github.io/multisender
pragma solidity 0.4.24;


/**
 * @title SafeMath
 * @dev Math operations with safety checks that throw on error
 */
library SafeMath {

    /**
    * @dev Multiplies two numbers, throws on overflow.
    */
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }
        uint256 c = a * b;
        assert(c / a == b);
        return c;
    }

    /**
    * @dev Integer division of two numbers, truncating the quotient.
    */
    function div(uint256 a, uint256 b) internal pure returns (uint256) {
        // assert(b > 0); // Solidity automatically throws when dividing by 0
        uint256 c = a / b;
        // assert(a == b * c + a % b); // There is no case in which this doesn't hold
        return c;
    }

    /**
    * @dev Substracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).
    */
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        assert(b <= a);
        return a - b;
    }

    /**
    * @dev Adds two numbers, throws on overflow.
    */
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        assert(c >= a);
        return c;
    }
}

// File: contracts/multisender/Ownable.sol

// Roman Storm Multi Sender
// To Use this Dapp: https://rstormsf.github.io/multisender
pragma solidity  0.4.24;



/**
 * @title Ownable
 * @dev This contract has an owner address providing basic authorization control
 */
contract Ownable is EternalStorage {
    /**
    * @dev Event to show ownership has been transferred
    * @param previousOwner representing the address of the previous owner
    * @param newOwner representing the address of the new owner
    */
    event OwnershipTransferred(address previousOwner, address newOwner);

    /**
    * @dev Throws if called by any account other than the owner.
    */
    modifier onlyOwner() {
        require(msg.sender == owner());
        _;
    }

    /**
    * @dev Tells the address of the owner
    * @return the address of the owner
    */
    function owner() public view returns (address) {
        return addressStorage[keccak256("owner")];
    }

    /**
    * @dev Allows the current owner to transfer control of the contract to a newOwner.
    * @param newOwner the address to transfer ownership to.
    */
    function transferOwnership(address newOwner) public onlyOwner {
        require(newOwner != address(0));
        setOwner(newOwner);
    }

    /**
    * @dev Sets a new owner address
    */
    function setOwner(address newOwner) internal {
        emit OwnershipTransferred(owner(), newOwner);
        addressStorage[keccak256("owner")] = newOwner;
    }
}

// File: contracts/multisender/Claimable.sol

// Roman Storm Multi Sender
// To Use this Dapp: https://rstormsf.github.io/multisender
pragma solidity  0.4.24;


/**
 * @title Claimable
 * @dev Extension for the Ownable contract, where the ownership needs to be claimed.
 * This allows the new owner to accept the transfer.
 */
contract Claimable is EternalStorage, Ownable {
    function pendingOwner() public view returns (address) {
        return addressStorage[keccak256("pendingOwner")];
    }

    /**
    * @dev Modifier throws if called by any account other than the pendingOwner.
    */
    modifier onlyPendingOwner() {
        require(msg.sender == pendingOwner());
        _;
    }

    /**
    * @dev Allows the current owner to set the pendingOwner address.
    * @param newOwner The address to transfer ownership to.
    */
    function transferOwnership(address newOwner) public onlyOwner {
        require(newOwner != address(0));
        addressStorage[keccak256("pendingOwner")] = newOwner;
    }

    /**
    * @dev Allows the pendingOwner address to finalize the transfer.
    */
    function claimOwnership() public onlyPendingOwner {
        emit OwnershipTransferred(owner(), pendingOwner());
        addressStorage[keccak256("owner")] = addressStorage[keccak256("pendingOwner")];
        addressStorage[keccak256("pendingOwner")] = address(0);
    }
}

// File: contracts/multisender/UpgradebleStormSender.sol

// Roman Storm Multi Sender
// To Use this Dapp: https://rstormsf.github.io/multisender
pragma solidity  0.4.24;

contract UpgradebleStormSender is OwnedUpgradeabilityStorage, Claimable {
    using SafeMath for uint256;
    using ERC20AsmFn for ERC20;

    event Multisended(uint256 total, address tokenAddress);
    event ClaimedTokens(address token, address owner, uint256 balance);

    modifier hasFee() {
        if (currentFee(msg.sender) > 0) {
            require(msg.value >= currentFee(msg.sender));
        }
        _;
    }

    function() public payable {}

    function initialize(address _owner) public {
        require(!initialized());
        setOwner(_owner);
        setArrayLimit(200);
        setDiscountStep(0.00005 ether);
        setFee(0.05 ether);
        boolStorage[keccak256("rs_multisender_initialized")] = true;
    }

    function initialized() public view returns (bool) {
        return boolStorage[keccak256("rs_multisender_initialized")];
    }

    function txCount(address customer) public view returns(uint256) {
        return uintStorage[keccak256("txCount", customer)];
    }

    function arrayLimit() public view returns(uint256) {
        return uintStorage[keccak256("arrayLimit")];
    }

    function setArrayLimit(uint256 _newLimit) public onlyOwner {
        require(_newLimit != 0);
        uintStorage[keccak256("arrayLimit")] = _newLimit;
    }

    function discountStep() public view returns(uint256) {
        return uintStorage[keccak256("discountStep")];
    }

    function setDiscountStep(uint256 _newStep) public onlyOwner {
        require(_newStep != 0);
        uintStorage[keccak256("discountStep")] = _newStep;
    }

    function fee() public view returns(uint256) {
        return uintStorage[keccak256("fee")];
    }

    function currentFee(address _customer) public view returns(uint256) {
        if (fee() > discountRate(msg.sender)) {
            return fee().sub(discountRate(_customer));
        } else {
            return 0;
        }
    }

    function setFee(uint256 _newStep) public onlyOwner {
        require(_newStep != 0);
        uintStorage[keccak256("fee")] = _newStep;
    }

    function discountRate(address _customer) public view returns(uint256) {
        uint256 count = txCount(_customer);
        return count.mul(discountStep());
    }

    function multisendToken(address token, address[] _contributors, uint256[] _balances) public hasFee payable {
        if (token == 0x000000000000000000000000000000000000bEEF){
            multisendEther(_contributors, _balances);
        } else {
            uint256 total = 0;
            require(_contributors.length <= arrayLimit());
            ERC20 erc20token = ERC20(token);
            uint8 i = 0;
            for (i; i < _contributors.length; i++) {
                require(erc20token.asmTransferFrom(msg.sender,_contributors[i],_balances[i]));
                total += _balances[i];
            }
            setTxCount(msg.sender, txCount(msg.sender).add(1));
            emit Multisended(total, token);
        }
    }

    function multisendEther(address[] _contributors, uint256[] _balances) public payable {
        uint256 total = msg.value;
        uint256 current = currentFee(msg.sender);
        require(total >= current);
        require(_contributors.length <= arrayLimit());
        total = total.sub(current);
        uint256 i = 0;
        for (i; i < _contributors.length; i++) {
            require(total >= _balances[i]);
            total = total.sub(_balances[i]);
            _contributors[i].transfer(_balances[i]);
        }
        setTxCount(msg.sender, txCount(msg.sender).add(1));
        emit Multisended(msg.value, 0x000000000000000000000000000000000000bEEF);
    }

    function claimTokens(address _token) public onlyOwner {
        if (_token == 0x0) {
            owner().transfer(address(this).balance);
            return;
        }
        ERC20 erc20token = ERC20(_token);
        uint256 balance = erc20token.balanceOf(this);
        require(erc20token.asmTransfer(owner(), balance));
        emit ClaimedTokens(_token, owner(), balance);
    }

    function setTxCount(address customer, uint256 _txCount) private {
        uintStorage[keccak256("txCount", customer)] = _txCount;
    }

}

参考链接

• 数千份以太坊 Token 合约不兼容问题浮出水面, 严重影响 DAPP 生态
• 简书:大坑！以太坊 USDT 没有完全遵循 ERC20 标准
• [区块链 Dapp 合约调用遇到的问题]([https://wumingxiaozu.com/2018/07/20/BlockChain/%E5%8C%BA%E5%9D%97%E9%93%BE%20Dapp%20%E5%90%88%E7%BA%A6%E8%B0%83%E7%94%A8%E9%81%87%E5%88%B0%E7%9A%84%E9%97%AE%E9%A2%98/](https://wumingxiaozu.com/2018/07/20/BlockChain/区块链 Dapp 合约调用遇到的问题/))