100 EXP
Submission Details
Impact:
Likelihood:
Missing Transfer Event on `_burn`
Author Revealed upon completion
Description
-
The ERC20 standard requires that burning tokens MUST emit a
Transferevent withtoset toaddress(0). -
Token-0x's
_burnfunction does not emit any events, making burns invisible to off-chain services.
function _burn(address account, uint256 value) internal {
assembly () {
// ... burning logic ...
// @> NO EVENT EMITTED!
// Should emit: Transfer(account, address(0), value)
}
}
Risk
Likelihood:
-
Every burn operation will fail to emit events
-
This is 100% reproducible
Impact:
-
Burns are invisible to all off-chain tracking systems
-
Token supply tracking becomes impossible
-
Breaks ERC20 compliance
Proof of Concept
function test_burn_no_event() public {
token.mint(alice, 100e18);
token2.mint(alice, 100e18);
vm.recordLogs();
token.burn(alice, 50e18);
Vm.Log[] memory logs = vm.getRecordedLogs();
assertEq(logs.length, 0); // No events!
vm.recordLogs();
token2.burn(alice, 50e18);
logs = vm.getRecordedLogs();
assertEq(logs.length, 1); // OpenZeppelin emits Transfer
}
Recommended Mitigation
Add the following lines at the end of the _burn function assembly block:
function _burn(address account, uint256 value) internal {
assembly () {
if iszero(account) {
mstore(0x00, shl(224, 0x96c6fd1e))
mstore(add(0x00, 4), 0x00)
revert(0x00, 0x24)
}
let ptr := mload(0x40)
let balanceSlot := _balances.slot
let supplySlot := _totalSupply.slot
let supply := sload(supplySlot)
sstore(supplySlot, sub(supply, value))
mstore(ptr, account)
mstore(add(ptr, 0x20), balanceSlot)
let accountBalanceSlot := keccak256(ptr, 0x40)
let accountBalance := sload(accountBalanceSlot)
sstore(accountBalanceSlot, sub(accountBalance, value))
+
+ // Emit Transfer(account, address(0), value)
+ mstore(ptr, value)
+ log3(ptr, 0x20, 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, account, 0)
}
}
Rewards breakdown
nSLOC
222This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.