tether-vulnerability-in-the-transferfrom-function's Introduction

Tether vulnerability in the transferFrom function

The original smart contract code has been changed to simplify deployment.

Vulnerability

The vulnerability lies in the code below. It allows anyone to move anyone else's funds to an address that is trusted. It is understood that the trusted address can be a popular DeFi smart contract such as Uniswap Router. The attacker will not be able to take possession of the funds, but he will be able to move the funds of any users without permission.

if (isTrusted[_recipient]) {

Testing vulnerability in Goerli

Smart contract. UniswapV2Router02 as trusted smart contract. Victim. Attacker. Transaction with an attack - Funds from the address of the victim without permission are transferred by any user to the address of a trusted contract.

Fixing vulnerability

To fix the vulnerability, the function should be modified as follows. Because this function is called by the trusted smart contract itself. The trusted caller of this function is the spender, not the recipient.

if (isTrusted[_msgSender()]) {

Smart contracts

Tether USD (USDT), Euro Tether (EURT) and etc in various EVM-based blockchains with isTrusted functionality. One of them:

Euro Tether (EURT) in Ethereum:
- Proxy;
- Implementation with vulnerability.

Recommend Projects

an-ivannikov / tether-vulnerability-in-the-transferfrom-function Goto Github PK