This report identifies a critical security vulnerability in the TokenSupportFacet.sol contract. The vulnerability arises from allowing an arbitrary address to be used as the from parameter in ERC20's transferFrom and ERC721/1155's safeTransferFrom calls. This loophole permits potential unauthorized token transfers, posing a significant risk of financial loss to token owners. The report includes an analysis of the issue, reviews the affected code, discusses the impact, and provides recommendations for remediation.
The TokenSupportFacet.sol contract contains functions that call ERC20's transferFrom and ERC721/1155's safeTransferFrom. However, these functions permit an arbitrary address to act as the from parameter, which can lead to unauthorized token transfers.
Code snippet:
Allowing an arbitrary address as the from parameter in the safeTransferFrom call can lead to severe consequences, including:
Unauthorized Token Transfers: Malicious actors could transfer tokens from any address without the owner's consent.
Loss of Funds: Token owners could lose their funds due to unauthorized transfers, leading to financial losses and undermining trust in the system.
Systemic Risk: Such vulnerabilities can be exploited at scale, potentially leading to significant financial and reputational damage to the platform.
Manual review
To mitigate this vulnerability, it is crucial to use msg.sender as the from parameter in the safeTransferFrom calls. This ensures that only the token owner or an approved spender can initiate the transfer.
Replace:
With:
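The pattern this report describes, shown as an added example beside its hardened form; it is not the TokenSupportFacet.sol code. The contract name, function names and signatures are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces: only the calls this example needs.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

// Hypothetical contract for illustration; all names here are assumptions.
contract TransferExample {
    // Risky: `from` is caller-controlled. The token contract checks the
    // allowance/approval granted to THIS contract, not to the caller, so
    // tokens of any account that approved this contract can be moved by
    // whoever calls the function.
    function pullERC20Unsafe(address token, address from, address to, uint256 amount) external {
        require(IERC20(token).transferFrom(from, to, amount), "ERC20 transfer failed");
    }

    function pullERC721Unsafe(address token, address from, address to, uint256 tokenId) external {
        IERC721(token).safeTransferFrom(from, to, tokenId);
    }

    // Hardened: the source is always msg.sender, so a caller can only move
    // tokens they hold and have approved this contract to spend.
    // Assumes a token that returns bool; tokens that return nothing need a
    // safe-transfer wrapper such as OpenZeppelin's SafeERC20.
    function pullERC20(address token, address to, uint256 amount) external {
        require(to != address(0), "zero recipient");
        require(IERC20(token).transferFrom(msg.sender, to, amount), "ERC20 transfer failed");
    }

    // The ERC721 standard requires `from` to be the current owner, so this
    // call reverts unless msg.sender owns tokenId.
    function pullERC721(address token, address to, uint256 tokenId) external {
        require(to != address(0), "zero recipient");
        IERC721(token).safeTransferFrom(msg.sender, to, tokenId);
    }
}
```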