{"id":9397,"date":"2023-03-17T15:10:25","date_gmt":"2023-03-17T23:10:25","guid":{"rendered":"https:\/\/www.shop2world.com\/blog\/?p=9397"},"modified":"2023-03-17T15:13:01","modified_gmt":"2023-03-17T23:13:01","slug":"php-%eb%b8%94%eb%a1%9d-%ec%b2%b4%ec%9d%b8-%eb%b8%94%eb%a1%9d%ec%b2%b4%ec%9d%b8-%eb%b3%b4%ec%95%88-%ec%8a%a4%eb%a7%88%ed%8a%b8-%ec%bb%a8%ed%8a%b8%eb%9e%99%ed%8a%b8-%ec%b7%a8%ec%95%bd%ec%a0%90","status":"publish","type":"post","link":"https:\/\/www.shop2world.com\/blog\/archives\/9397","title":{"rendered":"[PHP \ube14\ub85d \uccb4\uc778] \ube14\ub85d\uccb4\uc778 \ubcf4\uc548 : \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8 \ucde8\uc57d\uc810"},"content":{"rendered":"\n

\ube14\ub85d\uccb4\uc778\uc5d0\uc11c\ub294 \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\ub77c\ub294 \uc790\ub3d9\ud654\ub41c \uacc4\uc57d\uc11c\ub97c \uc774\uc6a9\ud558\uc5ec \ud504\ub85c\uadf8\ub7a8 \uc2e4\ud589\uc744 \uc790\ub3d9\uc73c\ub85c \ucc98\ub9ac\ud569\ub2c8\ub2e4. \ud558\uc9c0\ub9cc \uc774\ub7ec\ud55c \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\uc5d0\uc11c \ubc84\uadf8\ub098 \ucde8\uc57d\uc810\uc774 \ubc1c\uacac\ub418\uc5b4 \uc774\ub97c \uc545\uc6a9\ud558\uc5ec \uacc4\uc57d \ub0b4\uc6a9\uc744 \uc704\ubcc0\uc870\ud560 \uc218 \uc788\ub294 \uc0ac\ub840\ub4e4\uc774 \uc788\uc5c8\uc2b5\ub2c8\ub2e4.
\uc544\ub798\ub294 \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8 \ucde8\uc57d\uc810 \uc911 \ud558\ub098\uc778 \uc794\uc561 \uc624\uc5fc(Balance Attack)\uc744 PHP\ub85c \uad6c\ud604\ud55c \uc608\uc2dc\uc785\ub2c8\ub2e4.
<\/p>\n\n\n

class BankAccount {\n    private $balance = 0;\n\n    function __construct($initialBalance) {\n        $this->balance = $initialBalance;\n    }\n\n    function deposit($amount) {\n        $this->balance += $amount;\n    }\n\n    function withdraw($amount) {\n        if ($amount > $this->balance) {\n            throw new Exception(\"Insufficient funds\");\n        }\n        $this->balance -= $amount;\n    }\n\n    function getBalance() {\n        return $this->balance;\n    }\n}\n\nclass Hack {\n    private $bankAccount;\n\n    function __construct($bankAccount) {\n        $this->bankAccount = $bankAccount;\n    }\n\n    function steal($amount) {\n        $this->bankAccount->withdraw($amount);\n        $this->bankAccount->deposit($amount*2);\n    }\n}\n\n$bankAccount = new BankAccount(100);\n$hack = new Hack($bankAccount);\n$hack->steal(50);\necho \"Current balance: \" . $bankAccount->getBalance();\n<\/pre>\n
\uc704 \ucf54\ub4dc\uc5d0\uc11c\ub294 BankAccount \ud074\ub798\uc2a4\ub97c \uc774\uc6a9\ud574 \uacc4\uc88c\ub97c \ub9cc\ub4e4\uace0, Hack \ud074\ub798\uc2a4\ub97c \uc774\uc6a9\ud574 \uacc4\uc88c\ub97c \ud574\ud0b9\ud558\ub294 \ucf54\ub4dc\uac00 \uc791\uc131\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4. Hack \ud074\ub798\uc2a4\uc5d0\uc11c steal \ud568\uc218\ub294 \uacc4\uc88c\uc5d0\uc11c \ub3c8\uc744 \ube7c\ub0b4\uace0, 2\ubc30\ub85c \ub298\ub824 \ub2e4\uc2dc \uc785\uae08\ud569\ub2c8\ub2e4. \uc774\ub807\uac8c \ud558\uba74 \uacc4\uc88c\uc758 \uc794\uc561\uc774 \uc99d\uac00\ud558\uac8c \ub429\ub2c8\ub2e4.<\/p>\n
\uc704 \ucf54\ub4dc\uc5d0\uc11c\ub294 Hack \ud074\ub798\uc2a4\uc5d0\uc11c BankAccount \ud074\ub798\uc2a4\uc758 withdraw \ud568\uc218\ub97c \ud638\ucd9c\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uadf8\ub9ac\uace0 Hack \ud074\ub798\uc2a4\uc5d0\uc11c \uacc4\uc88c\uc5d0\uc11c \ucd9c\uae08\ud55c \uae08\uc561\uc758 2\ubc30\ub97c \ub2e4\uc2dc \uacc4\uc88c\uc5d0 \uc785\uae08\ud558\uba74 \uacc4\uc88c \uc794\uc561\uc774 \uc99d\uac00\ud569\ub2c8\ub2e4. \ub530\ub77c\uc11c BankAccount \ud074\ub798\uc2a4\uc758 getBalance \ud568\uc218\uc5d0\uc11c\ub294 \uacc4\uc88c \uc794\uc561\uc774 \uc99d\uac00\ud55c \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.  <\/p>\n
\uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8 \ucde8\uc57d\uc810\uc5d0 \ub300\ud55c \uc2e4\uc81c \uc0ac\ub840\ub4e4\uacfc \uadf8 \ubc1c\uc0dd \uc6d0\uc778\uc740 \ub2e4\uc591\ud569\ub2c8\ub2e4. \uc77c\ubd80 \uc608\uc2dc\ub97c \uc0b4\ud3b4\ubcf4\uba74 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.<\/p>\n
    \n
  1. DAO \ud574\ud0b9 \uc0ac\uac74 (2016\ub144)\n
      \n
    • \ubc1c\uc0dd \uc6d0\uc778: DAO\ub294 \uc774\ub354\ub9ac\uc6c0 \uae30\ubc18\uc758 \ud0c8\uc911\uc559\ud654 \uc790\uc728 \uc870\uc9c1\uc73c\ub85c, \uc774 \uc870\uc9c1\uc5d0\uc11c \uc0ac\uc6a9\ud558\ub294 \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\uc5d0 \ucde8\uc57d\uc810\uc774 \uc788\uc5c8\uc2b5\ub2c8\ub2e4. \uc774\ub97c \uc545\uc6a9\ud558\uc5ec \ud574\ucee4\ub294 \uc57d 3.6\ubc31\ub9cc \uc774\ub354\ub9ac\uc6c0\uc744 \ud0c8\ucde8\ud588\uc2b5\ub2c8\ub2e4.<\/li>\n<\/ul>\n<\/li>\n
    • Parity \ub9c8\uce58 \ubb38\uc81c (2017\ub144)\n
        \n
      • \ubc1c\uc0dd \uc6d0\uc778: Parity\ub294 \uc774\ub354\ub9ac\uc6c0 \uc9c0\uac11 \ubc0f \uae30\ud0c0 \ub3c4\uad6c\ub97c \uc81c\uacf5\ud558\ub294 \uc774\ub354\ub9ac\uc6c0 \uac1c\ubc1c \ud300\uc73c\ub85c, \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\uc5d0\uc11c \ubc1c\uc0dd\ud55c \ubc84\uadf8\ub85c \uc778\ud574 \uc57d 15\ub9cc \uc774\ub354\ub9ac\uc6c0\uc774 \uc783\uc5b4\ubc84\ub838\uc2b5\ub2c8\ub2e4.<\/li>\n<\/ul>\n<\/li>\n
      • King of the Ether Throne \ubb38\uc81c (2016\ub144)\n
          \n
        • \ubc1c\uc0dd \uc6d0\uc778: \uc774\ub354\ub9ac\uc6c0\uc744 \uae30\ubc18\uc73c\ub85c \ud55c \uac8c\uc784\uc778 King of the Ether Throne\uc5d0\uc11c\ub294 \ucc38\uac00\uc790\ub4e4\uc774 \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\ub97c \uc0ac\uc6a9\ud558\uc5ec \uac8c\uc784\uc744 \uc9c4\ud589\ud569\ub2c8\ub2e4. \uc774 \uac8c\uc784\uc5d0\uc11c \ubc1c\uc0dd\ud55c \ucde8\uc57d\uc810\uc73c\ub85c \uc778\ud574 \ucc38\uac00\uc790\ub4e4\uc740 \uc774 \uac8c\uc784\uc5d0\uc11c \uc5bb\uc740 \uc774\ub354\ub9ac\uc6c0\uc744 \ud0c8\ucde8\ud560 \uc218 \uc788\uc5c8\uc2b5\ub2c8\ub2e4.<\/li>\n<\/ul>\n<\/li>\n
        • Rubixi \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8 \ubc84\uadf8 (2018\ub144)\n
            \n
          • \ubc1c\uc0dd \uc6d0\uc778: Rubixi\ub294 \ubd84\uc0b0 \uc6f9 \uae30\ubc18\uc758 \uac8c\uc784\uc774\uc5c8\uc2b5\ub2c8\ub2e4. \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\uc5d0 \uc874\uc7ac\ud558\ub294 \ubc84\uadf8\ub97c \uc774\uc6a9\ud558\uc5ec \ud574\ucee4\ub294 \uc774 \uac8c\uc784\uc5d0\uc11c \ud1a0\ud070\uc744 \uc0dd\uc131\ud558\uace0 \uc774\ub97c \uc774\ub354\ub9ac\uc6c0\uc73c\ub85c \uc804\ud658\ud558\ub294 \uac83\uc744 \uac00\ub2a5\ud558\uac8c \ud588\uc2b5\ub2c8\ub2e4.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n
            \uc774\ub7ec\ud55c \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8 \ucde8\uc57d\uc810\uc758 \ubc1c\uc0dd \uc6d0\uc778\uc740 \ub2e4\uc591\ud569\ub2c8\ub2e4. \ub300\ud45c\uc801\uc73c\ub85c\ub294 \ucf54\ub4dc \uc791\uc131\uc790\uc758 \uc2e4\uc218, \uc0c8\ub85c\uc6b4 \uae30\uc220\uc758 \ubbf8\uc131\uc219\ud568, \uc678\ubd80 \uc785\ub825 \ub370\uc774\ud130\uc5d0 \ub300\ud55c \ubb34\ucc28\ubcc4\uc801\uc778 \uc2e0\ub8b0 \ub4f1\uc774 \uc788\uc2b5\ub2c8\ub2e4. \ub530\ub77c\uc11c \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\ub97c \uc791\uc131\ud558\uace0 \uc2e4\ud589\ud560 \ub54c\ub294 \ubcf4\uc548\uc744 \uace0\ub824\ud558\uc5ec \ucf54\ub4dc\ub97c \uc791\uc131\ud558\uace0, \ubcf4\uc548 \uc804\ubb38\uac00\ub4e4\uc774 \ub9ac\ubdf0\ud558\ub294 \uac83\uc774 \uc88b\uc2b5\ub2c8\ub2e4. \ub610\ud55c \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\uc758 \ucde8\uc57d\uc810\uc744 \uac80\uc99d\ud558\uae30 \uc704\ud55c \ub2e4\uc591\ud55c \ub3c4\uad6c\ub4e4\ub3c4 \uac1c\ubc1c\ub418\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>","protected":false},"excerpt":{"rendered":"
            \ube14\ub85d\uccb4\uc778\uc5d0\uc11c\ub294 \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\ub77c\ub294 \uc790\ub3d9\ud654\ub41c \uacc4\uc57d\uc11c\ub97c \uc774\uc6a9\ud558\uc5ec \ud504\ub85c\uadf8\ub7a8 \uc2e4\ud589\uc744 \uc790\ub3d9\uc73c\ub85c \ucc98\ub9ac\ud569\ub2c8\ub2e4. \ud558\uc9c0\ub9cc \uc774\ub7ec\ud55c \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8\uc5d0\uc11c \ubc84\uadf8\ub098 \ucde8\uc57d\uc810\uc774 \ubc1c\uacac\ub418\uc5b4 \uc774\ub97c \uc545\uc6a9\ud558\uc5ec \uacc4\uc57d \ub0b4\uc6a9\uc744 \uc704\ubcc0\uc870\ud560 \uc218 \uc788\ub294 \uc0ac\ub840\ub4e4\uc774 \uc788\uc5c8\uc2b5\ub2c8\ub2e4.\uc544\ub798\ub294 \uc2a4\ub9c8\ud2b8 \ucee8\ud2b8\ub799\ud2b8 \ucde8\uc57d\uc810 \uc911 \ud558\ub098\uc778 \uc794\uc561 \uc624\uc5fc(Balance Attack)\uc744 PHP\ub85c \uad6c\ud604\ud55c \uc608\uc2dc\uc785\ub2c8\ub2e4. class BankAccount { private $balance = 0; function __construct($initialBalance) { $this->balance = $initialBalance; } function deposit($amount) { $this->balance += $amount; } function withdraw($amount) { if ($amount > $this->balance) { throw new Exception(“Insufficient funds”); } $this->balance -= $amount; } …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[716],"tags":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/posts\/9397"}],"collection":[{"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/comments?post=9397"}],"version-history":[{"count":2,"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/posts\/9397\/revisions"}],"predecessor-version":[{"id":9400,"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/posts\/9397\/revisions\/9400"}],"wp:attachment":[{"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/media?parent=9397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/categories?post=9397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shop2world.com\/blog\/wp-json\/wp\/v2\/tags?post=9397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}