Apr 21, 2022 - 12:00 a.m.

Orderers Can Unauthorized Transfer User's Share In Single Step

Code4rena, github.com

Lines of code

Vulnerability details

Impact

The transferFrom function of vToken.sol can be called without any permission from the token holder and without an allowance check; the only requirement is that the caller holds ORDERER_ROLE. This exposes users to centralization risk: if an orderer is compromised or acts maliciously, it can move any user's shares.

Proof of Concept

  1. The attacker calls transferFrom(victim, attacker, user_share).
  2. transferFrom forwards the call to _transfer(), which in turn simply forwards it to NAV.transfer(); no allowance or approval from the victim is checked at any step.

Tools Used

None

Recommended Mitigation Steps

  • Consider inheriting from the ERC20 standard or implementing an allowance check so that a user's funds cannot be transferred without that user's approval.
  • Allow only multi-signature wallets to call the function, to reduce the likelihood of a single compromised orderer key being abused.
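The following sketch is an added illustration and is not Phuture's vToken code: it shows the pattern the finding describes (a transferFrom gated only by a role check) next to the hardened form suggested above (an ERC20-style allowance check on top of the role). Balances, the role mapping, the event names and the function names transferFromUnchecked and mint are assumptions made for the example; the real contract routes through _transfer() and NAV.transfer(), which are not reproduced here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token for illustration only (not vToken.sol).
// Balances are a plain mapping and roles are a plain mapping instead of the
// project's real AccessControl and NAV library.
contract OrdererTransferSketch {
    bytes32 public constant ORDERER_ROLE = keccak256("ORDERER_ROLE");

    mapping(bytes32 => mapping(address => bool)) private _roles;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 amount);
    event Approval(address indexed owner, address indexed spender, uint256 amount);

    constructor() {
        // Deployer acts as the single orderer in this sketch.
        _roles[ORDERER_ROLE][msg.sender] = true;
    }

    modifier onlyRole(bytes32 role) {
        require(_roles[role][msg.sender], "AccessControl: missing role");
        _;
    }

    // Test helper so the sketch can be exercised: orderer issues shares.
    function mint(address to, uint256 amount) external onlyRole(ORDERER_ROLE) {
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    // Standard ERC20 approval: the holder decides who may spend on their behalf.
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // VULNERABLE PATTERN (the one the finding describes): the only gate is the
    // caller's role. The holder never approved anything, so a single orderer
    // key can move every user's shares in one call.
    function transferFromUnchecked(address from, address to, uint256 amount)
        external
        onlyRole(ORDERER_ROLE)
        returns (bool)
    {
        _transfer(from, to, amount);
        return true;
    }

    // HARDENED: the role check stays, but the holder's allowance for the
    // orderer is also required and consumed, exactly as ERC20 transferFrom does.
    function transferFrom(address from, address to, uint256 amount)
        external
        onlyRole(ORDERER_ROLE)
        returns (bool)
    {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= amount, "ERC20: insufficient allowance");
        if (allowed != type(uint256).max) {
            // Safe: allowed >= amount was checked above.
            unchecked { allowance[from][msg.sender] = allowed - amount; }
        }
        _transfer(from, to, amount);
        return true;
    }

    // Shared balance update; stands in for _transfer() -> NAV.transfer().
    function _transfer(address from, address to, uint256 amount) internal {
        require(to != address(0), "transfer to the zero address");
        uint256 bal = balanceOf[from];
        require(bal >= amount, "insufficient balance");
        unchecked { balanceOf[from] = bal - amount; }
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
    }
}
```

With this layout, a compromised orderer key calling transferFrom on a holder who never called approve reverts with "ERC20: insufficient allowance", whereas transferFromUnchecked succeeds. If the role itself must be able to move shares for order settlement, the second mitigation above still applies: hand ORDERER_ROLE to a multi-signature wallet rather than an EOA so that no single key can trigger the transfer.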
