This report outlines a critical security vulnerability in the LibFertilizer.sol contract. The vulnerability arises from the use of an arbitrary address as the from parameter in ERC20's transferFrom calls, potentially allowing unauthorized token transfers. The report details the issue, its impact, and provides recommendations for mitigating the vulnerability.
The LibFertilizer.sol contract contains a function addUnderlying that performs token transfers using the ERC20 transferFrom method. The current implementation allows an arbitrary address to be specified as the from parameter. This means that any address can potentially transfer tokens from another address without proper authorization.
The LibTractor._user() function call is used to determine the from address for the transferFrom method.
If LibTractor._user() returns an address that the caller does not control, it can lead to unauthorized transfers.
This vulnerability can result in the loss of funds for the owner of the tokens.
The impact of this vulnerability is severe. It allows for unauthorized transfers of tokens, which can lead to:
Theft of tokens from users.
Potential financial loss and damage to the reputation of the token issuer.
Loss of trust from users and investors.
Manual code review
Use msg.sender for Authorization
To mitigate the risk of unauthorized token transfers, the contract should use msg.sender as the from parameter in ERC20's transferFrom calls. This ensures that only the owner of the tokens can authorize transfers from their address.
Revised Code Snippet
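The following is an added illustration of the pattern this report describes, not the contract's own code: a hypothetical vault contract with an addUnderlying that pulls tokens from a caller-independent from address beside the recommended form that pulls only from msg.sender. The resolver interface is an assumption standing in for LibTractor._user(); in either form the contract can only move tokens of accounts that have granted it an ERC20 allowance, which is exactly why a from that is not the caller is dangerous.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical stand-in for LibTractor._user(): resolves "who is acting" for this call.
interface IUserResolver {
    function user() external view returns (address);
}

// Illustrative contract (constructed for this example, not LibFertilizer.sol).
contract UnderlyingVault {
    IERC20 public immutable token;
    IUserResolver public immutable resolver;
    mapping(address => uint256) public underlying;

    constructor(IERC20 _token, IUserResolver _resolver) {
        token = _token;
        resolver = _resolver;
    }

    // Weak form: `from` is whatever the resolver returns, not necessarily msg.sender.
    // If the resolver can return an address the caller does not control, the caller
    // spends that address's allowance to this contract and credits the deposit however
    // the contract chooses; the token owner never authorized this specific transfer.
    function addUnderlyingResolvedFrom(uint256 amount) external {
        address from = resolver.user();
        require(token.transferFrom(from, address(this), amount), "transfer failed");
        underlying[from] += amount;
    }

    // Recommended form per this report: the account that initiated the call is the
    // only account whose tokens (and allowance) can be pulled.
    function addUnderlying(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        underlying[msg.sender] += amount;
    }
}
```

Tokens that do not return a bool from transferFrom would revert on the require above; a production contract would wrap the call with a SafeERC20-style helper, which is orthogonal to the from-address issue shown here.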