The contract function uses an arbitrary from address in the transferFrom call, allowing any user to transfer tokens from any address that has approved the contract, potentially leading to unauthorized token transfers.
Contract: KittyVault.sol
Function: executeDepawsit
Lines: 65-81
If a user (Alice) approves this contract to spend her ERC20 tokens, another user (Bob) can call the function and specify Alice's address as the from parameter, transferring Alice's tokens to any address of Bob's choice. This leads to unauthorized token transfers and potential loss of funds for the approving user.
Tools used: Slither
To mitigate this vulnerability, ensure that the from address in the transferFrom call is always msg.sender. This ensures that only the caller of the function can transfer their own tokens, preventing unauthorized transfers.
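The pattern and the recommended fix side by side, as an added illustration that is not the KittyVault code: the vault, token interface, function names and the balance accounting below are assumed for the example, and only the from argument differs between the two versions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface needed here (assumed interface, not the project's own).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Illustrative vault showing the reported pattern (not KittyVault.sol).
contract ArbitraryFromVault {
    IERC20 public immutable token;
    mapping(address => uint256) public deposited;

    constructor(IERC20 _token) {
        token = _token;
    }

    // VULNERABLE: `from` is caller-controlled. Any account that has approved this
    // vault can have its tokens pulled by any other caller, and the deposit is
    // credited to the caller rather than to the account whose tokens moved.
    function depositFrom(address from, uint256 amount) external {
        require(token.transferFrom(from, address(this), amount), "transfer failed");
        deposited[msg.sender] += amount;
    }
}

// Same vault with the recommended mitigation applied.
contract HardenedVault {
    IERC20 public immutable token;
    mapping(address => uint256) public deposited;

    constructor(IERC20 _token) {
        token = _token;
    }

    // FIXED: tokens are always pulled from msg.sender, so an approval granted to
    // this vault can only be spent by a transaction the approving account signed.
    function deposit(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        deposited[msg.sender] += amount;
    }
}
```

Running Slither over both contracts is a quick regression check that the caller-controlled from argument is gone after the fix.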