A Redundant SafeMath Implementation to Make Your Contract Unsafe!
Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities (batchOverflow[1], proxyOverflow[2], transferFlaw[3], ownerAnyone[4], multiOverflow[5], burnOverflow[6], ceoAnyone[7], allowAnyone[8], allowFlaw[9], tradeTrap[10], evilReflex[11]). Some of them could be used by attackers to generate tokens out of nowhere or steal tokens from legitimate owners, while others can be used to take over the ownership from legitimate contract owners (or administrators).
In this blog, we disclose a new type of vulnerability named unSafeMath. With such an implementation, any protection provided by the original SafeMath library would be gone with the wind. Consequently, anyone can transfer an arbitrary amount of tokens to any address from the affected ERC20 contracts. As a matter of fact, we have observed attacks in the wild. In the following, we are going to go through the details of the vulnerability.
As shown in Figure 1, the implementation of SafeMath has an extra internal function assert(), which overrides the general-use utility function assert() (introduced in Solidity 0.4.10). As indicated in line 36, if the boolean condition assertion is not satisfied, the function simply returns rather than throwing an exception, which means the invocations of assert() in functions like safeAdd() and safeSub() do not enforce any protection.

As a result, certain publicly accessible functions that rely on the malfunctioning SafeMath are vulnerable to attackers. Figure 2 shows the affected transferFrom() function: the addition and subtraction operations in lines 85-87 suffer from overflow and underflow vulnerabilities!
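The shadowing pattern described above, next to a corrected counterpart, as an added example that is not the affected contracts' source or PeckShield's code. The contract and library names, the `probe()` function, and the `^0.4.24` pragma are assumptions made for illustration.

```solidity
pragma solidity ^0.4.24;

// Constructed illustration of the flawed pattern; not the affected contracts' source.
contract UnsafeMathPattern {
    // A user-defined assert() shadows Solidity's built-in assert().
    // On a false condition it just returns, so execution continues.
    function assert(bool assertion) internal pure {
        if (!assertion) {
            return;
        }
    }

    function safeSub(uint256 a, uint256 b) internal pure returns (uint256) {
        assert(b <= a); // resolves to the no-op above, not the built-in
        return a - b;   // wraps around to a huge value when b > a
    }

    function safeAdd(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b; // wraps around past 2**256 - 1
        assert(c >= a && c >= b);
        return c;
    }

    // Hypothetical probe: returns 2**256 - 1 instead of reverting.
    function probe() public pure returns (uint256) {
        return safeSub(0, 1);
    }
}

// Corrected form: no local assert(); every check reverts through the
// built-in require(), so a wrapped result can never be returned.
library CheckedMath {
    function safeSub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a);
        return a - b;
    }

    function safeAdd(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a);
        return c;
    }
}
```

When reviewing a contract, a locally declared `assert` (the compiler reports it as shadowing a built-in symbol) is the signal to check whether the body actually reverts.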

We have observed a transaction launched by the attacker, as follows:

The affected tokens we discovered so far are listed in the following:
Name | Address |
---|---|
MOVIECREDITS (EMVC) | 0xd3f5056d9a112ca81b0e6f9f47f3285aa44c6aaa |
Fox Token | 0x8a883a20940870dc055f2070ac8ec847ed2d9918 |
SafeMath again proves its value in this case. However, make sure you use the right version of SafeMath in all smart contracts that have arithmetic operations.
About Us
PeckShield Inc. is a leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (e.g., smart contract auditing), please contact us at telegram, twitter, or email.
References
- [1] PeckShield: New batchOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10299), April 22, 2018
- [2] PeckShield: New proxyOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10376), April 25, 2018
- [3] PeckShield: Your Tokens Are Mine: A Suspicious Scam Token in A Top Exchange, April 28, 2018
- [4] PeckShield: New ownerAnyone Bug Allows For Anyone to "Own" Certain ERC20-Based Smart Contracts (CVE-2018-10705), May 3, 2018
- [5] PeckShield: New multiOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-10706), May 10, 2018
- [6] PeckShield: New burnOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-11239), May 18, 2018
- [7] PeckShield: New ceoAnyone Bug Identified in Multiple Crypto Game Smart Contracts (CVE-2018-11329), May 21, 2018
- [8] PeckShield: New allowAnyone Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-11397, CVE-2018-11398), May 23, 2018
- [9] PeckShield: New allowFlaw Bug Identified in Multiple ERC20 Smart Contracts, June 6, 2018
- [10] PeckShield: Full Disclosure of Highly-Manipulatable, tradeTrap-Affected ERC20 Tokens in Multiple Top Exchanges, June 11, 2018
- [11] PeckShield: New evilReflex Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-12702, CVE-2018-12703), June 23, 2018