First Flight #5: Santa's List

Beginner FriendlyFoundry
100 EXP
Submission Details
Severity: high
Valid

Santa should fire his dwarves because they have adjusted the ERC20.sol module to allow one of their addresses to drain user's minted SantaToken

Updates

Lead Judging Commences

InAllHonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

unauthorized elf wallet approval in solmate-bad

Some sneaky elf has changed this library to a corrupted one where his wallet address skips all the approval checks for SantaToken! Shenanigans here - https://github.com/PatrickAlphaC/solmate-bad/blob/c3877e5571461c61293503f45fc00959fff4ebba/src/tokens/ERC20.sol#L88

Support

FAQs

Can’t find an answer? Join our Discord or follow us on Twitter.