First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
Submission Details
Severity: high
Invalid

Unauthorized Token Transfer via Arbitrary from Address in transferFrom

Summary

KittyVault.executeDepawsit takes the address to debit as a caller-supplied `_user` parameter and passes it straight into safeTransferFrom. If the function is reachable by arbitrary callers, anyone can pull tokens from any address that has approved the vault, forcing a deposit on that user's behalf without their consent.

Vulnerability Details

Location

  • Contract: KittyVault.sol

  • Function: executeDepawsit

  • Lines: 65-81

Code Snippet

function executeDepawsit(address _user, uint256 _ameownt) external {
    IERC20(i_token).safeTransferFrom(_user, address(this), _ameownt);
}

The snippet is abridged: the cited range (lines 65-81) covers more than the single transfer call, and any access modifier on the function is not shown. Whether the `_user` parameter is exploitable depends entirely on who may call executeDepawsit. If only a trusted contract such as the pool can call it, and that contract forwards its own msg.sender as `_user`, the parameter is a safe pass-through and the finding does not hold. The lead judge invalidated this submission as an incorrect statement (see Updates below).

Impact

If a user (Alice) approves this contract to spend her ERC20 tokens, another user (Bob) can call the function with Alice's address as `_user` and move her approved balance into the vault. Note that the snippet itself cannot send the tokens to an address of Bob's choosing: the recipient is hard-coded to address(this), so the harm is a forced, unconsented deposit on Alice's behalf (and whatever accounting the rest of the function performs for `_user`), not a direct theft to Bob.

Tools Used

Slither

Recommendations

To mitigate this vulnerability, ensure that the `from` address in the transferFrom call is always msg.sender, so that only the caller can move their own tokens. If the vault is designed to be called by another contract on the user's behalf (for example a pool), the alternative is to keep the `_user` parameter but restrict the caller with an access modifier and have the trusted caller forward its own msg.sender; either way, `from` must never be chosen freely by an untrusted caller.

Corrected Code Snippet

function executeDepawsit(uint256 _ameownt) external {
    IERC20(i_token).safeTransferFrom(msg.sender, address(this), _ameownt);
}

This changes the function signature (the `_user` parameter is dropped), so any caller that previously passed a user address must be updated as well.
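The following Foundry test is an added example, not code from the KittyFi repository or from this submission; the contract names (OpenVault, PoolVault, Pool, MockToken), the mock token and the deposit function names are assumptions made for illustration. It reproduces the arbitrary-`from` pattern the finding describes, shows the caller-restricted alternative next to it, and demonstrates the point the Impact section turns on: the forced transfer lands in the vault and is credited to the victim, not to the attacker.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not KittyFi code. Assumes forge-std is installed (forge install foundry-rs/forge-std).
import {Test} from "forge-std/Test.sol";

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Constructed minimal ERC20 so the test runs offline; not the token KittyFi uses.
contract MockToken is IERC20 {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        require(allowance[from][msg.sender] >= amount && balanceOf[from] >= amount, "insufficient");
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// The pattern the finding describes: any caller names any approved address as `from`.
contract OpenVault {
    IERC20 public immutable token;
    mapping(address => uint256) public deposits;
    constructor(IERC20 t) { token = t; }
    function deposit(address user, uint256 amount) external {
        deposits[user] += amount;
        require(token.transferFrom(user, address(this), amount), "transfer failed");
    }
}

// Hardened: the `user` parameter stays for a pool-fronted design, but only the trusted
// pool may call, and the pool forwards its own msg.sender, so `from` is never caller-chosen.
contract PoolVault {
    IERC20 public immutable token;
    address public immutable pool;
    mapping(address => uint256) public deposits;
    constructor(IERC20 t, address p) { token = t; pool = p; }
    modifier onlyPool() { require(msg.sender == pool, "not pool"); _; }
    function deposit(address user, uint256 amount) external onlyPool {
        deposits[user] += amount;
        require(token.transferFrom(user, address(this), amount), "transfer failed");
    }
}

contract Pool {
    PoolVault public immutable vault;
    constructor(IERC20 t) { vault = new PoolVault(t, address(this)); }
    function deposit(uint256 amount) external { vault.deposit(msg.sender, amount); }
}

contract ArbitraryFromTest is Test {
    MockToken token;
    address alice = address(0xA11CE);
    address bob = address(0xB0B);

    function setUp() public {
        token = new MockToken();
        token.mint(alice, 100e18);
    }

    // Bob holds nothing, yet moves Alice's approved balance into the vault. The credit
    // lands on Alice's account, so the harm is a forced deposit, not a transfer to Bob.
    function test_OpenVault_AllowsForcedDeposit() public {
        OpenVault v = new OpenVault(token);
        vm.prank(alice);
        token.approve(address(v), 100e18);
        vm.prank(bob);
        v.deposit(alice, 100e18);
        assertEq(token.balanceOf(alice), 0);
        assertEq(v.deposits(alice), 100e18);
    }

    // The same direct call reverts once the vault is gated; Alice deposits through the pool.
    function test_PoolVault_RejectsDirectCaller() public {
        Pool p = new Pool(token);
        PoolVault v = p.vault();
        vm.prank(alice);
        token.approve(address(v), 100e18);
        vm.prank(bob);
        vm.expectRevert("not pool");
        v.deposit(alice, 100e18);
        vm.prank(alice);
        p.deposit(100e18);
        assertEq(v.deposits(alice), 100e18);
        assertEq(token.balanceOf(alice), 0);
    }
}
```

Run it with `forge test` in a Foundry project that has forge-std installed. The first test is the check a reviewer should perform before filing this class of finding: whether an untrusted caller can actually reach the transfer with a `from` of their choosing. The second test shows that once the function is gated to the pool, the `_user` parameter is harmless, which is why the submission's recommended fix (replacing `_user` with msg.sender) is only one of two valid designs.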
Updates

Lead Judging Commences

shikhar229169 Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
