Lines of code
Vulnerability details
Impact
The transferFrom function of vToken.sol can be done without any user permissions or strict security checks, requires only the caller must has ORDERER_ROLE as the access control, exposing it to the centralize risk if an orderer is compromised or act maliciously.
Proof of Concept
- Attacker call transferFrom(victim, attacker, user_share)
- transferFrom forward the call to _transfer() which just also forward the call to NAV.transfer()
Tools Used
None
Recommended Mitigation Steps
- Consider inheriting from the ERC20 standard or implementing an allowance check to prohibit users from transferring funds without approval.
- Allow only multi-signature wallets to call the function to reduce the likelihood of an attack.
The text was updated successfully, but these errors were encountered:
š 1 moose-code reacted with thumbs up emoji
All reactions