The original smart contract code has been changed to simplify deployment.
The vulnerability lies in the code below. It allows anyone to move anyone else's funds to an address that is trusted. It is understood that the trusted address can be a popular DeFi smart contract such as Uniswap Router. The attacker will not be able to take possession of the funds, but he will be able to move the funds of any users without permission.
if (isTrusted[_recipient]) {
Smart contract. UniswapV2Router02 as trusted smart contract. Victim. Attacker. Transaction with an attack - Funds from the address of the victim without permission are transferred by any user to the address of a trusted contract.
To fix the vulnerability, the function should be modified as follows.
Because this function is called by the trusted smart contract itself.
The trusted caller of this function is the spender
, not the recipient
.
if (isTrusted[_msgSender()]) {
Tether USD (USDT), Euro Tether (EURT) and etc in various EVM-based blockchains with isTrusted
functionality.
One of them:
- Euro Tether (EURT) in Ethereum: