Zaros Part 2
Perpetuals DEX, Foundry, Solidity
70,000 USDC

Submission Details
Severity: high
Status: Invalid

Arbitrary Address Usage in transferFrom Parameter: Risk of Unauthorized Token Transfers

Summary

The transferFrom call in the StabilityBranch.sol contract accepts an arbitrary address as the from parameter. Because the contract performs no authorization check of its own on that address, this opens the potential for unauthorized token transfers, which can lead to loss of funds and a breach of trust among token holders. The from parameter should be restricted to msg.sender so that transfers are only initiated by the account whose tokens are moved.

Vulnerability Details

Description

The ERC20 transferFrom function is called on line 409 of StabilityBranch.sol. The surrounding function does not enforce that msg.sender equals the from parameter; instead it permits an arbitrary address, allowing a malicious caller to move tokens out of another user's address without that user's consent.

Code Example

// Vulnerable code
ERC20(token).transferFrom(from, to, amount);

Since the from parameter is not restricted to msg.sender, an attacker can exploit this to bypass authorization checks and perform unauthorized token transfers.

Impact

  • Unauthorized Token Transfers: Malicious actors can transfer tokens from a user's address without approval.

  • Loss of Funds: Token holders may lose their funds without their consent or knowledge.

  • Security Breach: This vulnerability undermines the integrity of the token transfer mechanism, resulting in a loss of trust among users.

Tools Used

  1. Remix IDE: For reviewing the specific line of code and analyzing the function's behavior.

  2. Slither: To detect improper parameter usage in the transferFrom function.

  3. MythX: For identifying token authorization vulnerabilities in the contract.

Recommendations

  • Enforce msg.sender as the from Parameter:
    Ensure that the from parameter passed to transferFrom is restricted to msg.sender to prevent unauthorized transfers.

    // Secure code
    ERC20(token).transferFrom(msg.sender, to, amount);

  • Add Proper Authorization Checks:
    If a custom authorization flow is needed, implement explicit checks to validate the from address before allowing the transfer. For example:

    require(from == msg.sender, "Unauthorized transfer attempt");

  • Audit All transferFrom Usages:
    Conduct a thorough review of all instances of transferFrom in the codebase to ensure similar vulnerabilities do not exist elsewhere.

  • Use Role-Based Access Control (RBAC):
    Implement role-based access control to limit who can call functions involving transferFrom. Use libraries like OpenZeppelin's AccessControl for efficient role management.

  • Testing and Verification:
    Write unit tests to verify that only authorized entities can initiate transfers using the transferFrom function.
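The following is an added example, not Zaros code, that places the pattern described in this report beside its hardened forms; it assumes a hypothetical DepositHelper contract and OpenZeppelin's IERC20 interface. Note that ERC20 transferFrom itself enforces the allowance, so a caller-supplied from only exposes users who have already approved this contract, which is exactly why the contract must also bind from to msg.sender or to an explicit, revocable operator grant.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/// Hypothetical deposit helper (constructed for illustration, not Zaros code).
contract DepositHelper {
    mapping(address => uint256) public deposits;

    // Explicit operator grants: owner => operator => allowed.
    mapping(address => mapping(address => bool)) public operatorOf;

    /// VULNERABLE: `from` is caller-controlled. ERC20.transferFrom only checks
    /// that `from` has approved THIS contract; it never checks that msg.sender
    /// is `from`. Any user who approved this contract for their own deposit can
    /// therefore have that allowance consumed by a different caller, with the
    /// resulting balance credited to the caller instead of the token owner.
    function depositFromArbitrary(address token, address from, uint256 amount) external {
        IERC20(token).transferFrom(from, address(this), amount);
        deposits[msg.sender] += amount;
    }

    /// HARDENED: the only allowance that can be consumed is the caller's own.
    function deposit(address token, uint256 amount) external {
        IERC20(token).transferFrom(msg.sender, address(this), amount);
        deposits[msg.sender] += amount;
    }

    /// Token owners opt a specific operator in or out; the grant is revocable.
    function setOperator(address operator, bool allowed) external {
        operatorOf[msg.sender][operator] = allowed;
    }

    /// HARDENED delegated flow: a third-party `from` is accepted only when the
    /// caller is `from` itself or an operator `from` explicitly authorised on
    /// this contract, in addition to the ERC20 allowance. The deposit is
    /// credited to `from`, never to the caller.
    function depositFor(address token, address from, uint256 amount) external {
        require(
            from == msg.sender || operatorOf[from][msg.sender],
            "Unauthorized transfer attempt"
        );
        IERC20(token).transferFrom(from, address(this), amount);
        deposits[from] += amount;
    }
}
```

A Foundry unit test for the hardened functions should assert that a call with an unapproved from reverts with "Unauthorized transfer attempt" and that a successful deposit credits from rather than msg.sender.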

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
