SantaToken has a vulnerability that allows address 0x815F577F1c1bcE213c012f166744937C889DAF17 to transfer SantaToken as and when he likes.
The ERC20.sol inherited by SantaToken.sol has been edited to allow address "0x815F577F1c1bcE213c012f166744937C889DAF17" to freely move around SantaToken.
Here is an example of how it can happen:
Include this line in the variables:
address dwarf = address(0x815F577F1c1bcE213c012f166744937C889DAF17);
The dwarf can ruin everyone's Christmas by stealing their tokens to his wallet.
Manual Review, Foundry
Fire the dwarf and remove this portion in ERC20.sol.
Some sneaky elf has changed this library to a corrupted one where his wallet address skips all the approval checks for SantaToken! Shenanigans here - https://github.com/PatrickAlphaC/solmate-bad/blob/c3877e5571461c61293503f45fc00959fff4ebba/src/tokens/ERC20.sol#L88
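As an added example (not part of the original finding or of either library), the following Python check flags hardcoded 20-byte address literals in a vendored Solidity file, which is one way a modified ERC20.sol like the one described above can be caught during dependency review. The embedded Solidity is a constructed, simplified stand-in for the modified transferFrom, and the names find_hardcoded_addresses and strip_comments are assumptions of this example.

```python
import re

# A 20-byte address literal: 0x followed by exactly 40 hex digits.
ADDRESS_LITERAL = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
FUNCTION_DECL = re.compile(r"\bfunction\s+(\w+)")
# Strings are matched first so that "//" inside a string is not read as a comment.
STRING_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.DOTALL)

def strip_comments(source):
    """Blank out comments but keep newlines, so reported line numbers stay accurate."""
    def blank(match):
        text = match.group(0)
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return STRING_OR_COMMENT.sub(blank, source)

def find_hardcoded_addresses(source, allowlist=()):
    """Return (line_no, enclosing_function, address) for each address literal in code."""
    allowed = {a.lower() for a in allowlist}
    findings, current_function = [], None
    for line_no, line in enumerate(strip_comments(source).splitlines(), start=1):
        decl = FUNCTION_DECL.search(line)
        if decl:
            current_function = decl.group(1)
        for match in ADDRESS_LITERAL.finditer(line):
            if match.group(0).lower() not in allowed:
                findings.append((line_no, current_function, match.group(0)))
    return findings

# Constructed sample: a simplified stand-in for the modified library, not a copy of it.
SAMPLE = '''\
contract ERC20 {
    // 0x000000000000000000000000000000000000dEaD is only mentioned in a comment
    function transferFrom(address from, address to, uint256 amount) public returns (bool) {
        if (msg.sender == 0x815F577F1c1bcE213c012f166744937C889DAF17) {
            balanceOf[from] -= amount;
            balanceOf[to] += amount;
            return true;
        }
        allowance[from][msg.sender] -= amount; // normal path: allowance is spent
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
'''

if __name__ == "__main__":
    print(find_hardcoded_addresses(SAMPLE))
```

A generic token library has no reason to name a specific account, so any hit outside an explicit allowlist is worth diffing against the upstream release of the dependency.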