NEAR Protocol (NEAR)

🪲 在 NEAR 智能合约中查找错误

这是来自 2022 年的真实 NEAR 可替代代币的核心文件

一家受尊敬的安全公司审计了它，发现缺少某些内容以确保 `ft` 相关函数按预期工作

你能找出它吗？

我将在 24 小时后在此线程中揭示所有内容 ↓
+ 缺失的是什么
+ 这是什么合约
+ 哪家安全公司发现的
+ 修复后的代码现在是什么样子

---
如果你想在答案公布时收到提醒，请评论！

🧑‍🏫 THE BUG EXPLAINED
*as @mihaikodo already found the right answer

this is @LinearProtocol's $LiNEAR token contract from 2022, audited by @BlockSecTeam

this finding went as a recommendation, named
"Missing check on the `prepaid_gas` in function `ft_transfer_call`"

the `prepaid_gas` should be checked to ensure it is enough for the target functions including `ft_on_transfer` and `ft_resolve_transfer`

current code already has the fix implemented, which is a `require!()` macro for the `env::prepaid_gas`

basically, it requires `ft_transfer_call` calls to have some prepaid gas attached that is checked against a minimum amount to make sure the entire transaction journey (with cross-contract calls) work flawlessly

this is important because if gas isn't enough, the contract's callbacks may fail later, which worsens the user experience and creates some security risks

now, everything is checked beforehand.
if prepaid_gas is too low, the contract will panic and more gas will be requested -- the transaction never

@mihaikodo @LinearProtocol @BlockSecTeam you can read the full report here:
https://t.co/fm5P43QQVa