Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities (batchOverflow[1], proxyOverflow[2], transferFlaw[3], ownerAnyone[4], multiOverflow[5], burnOverflow[6], ceoAnyone[7], allowAnyone[8], allowFlaw[9], tradeTrap[10], evilReflex[11]). Some of them could be used by attackers to generate tokens out of nowhere or steal tokens from legitimate owners, while others can be used to take over the ownership from legitimate contract owners (or administrators).

In this blog post, we disclose a new type of vulnerability named unSafeMath. In an affected contract, any protection provided by the original SafeMath library is gone with the wind. Consequently, anyone can transfer an arbitrary amount of tokens to any address from the affected ERC20 contracts. As a matter of fact, we have observed attacks in the wild. In the following, we go through the details of the vulnerability.

As shown in Figure 1, the implementation of SafeMath has an extra internal function assert(), which overrides the general-use utility function assert() (introduced in Solidity 0.4.10). As indicated in line 36, if the boolean condition assertion is not satisfied, the function simply returns rather than throwing an exception. This means that the calls to assert() in functions such as safeAdd() and safeSub() do not enforce any protection.

Figure 1: Superfluous implementation of SafeMath

As a result, certain publicly accessible functions that rely on the malfunctioning SafeMath are vulnerable to attackers. Figure 2 shows the affected transferFrom() function: the addition and subtraction operations in lines 85-87 suffer from overflow and underflow vulnerabilities!

Figure 2: Affected transferFrom() function

We have observed a transaction launched by the attacker, as follows:

Figure 3: Transaction launched by the attacker

The affected tokens we have discovered so far are listed below:

| Name | Address |
| --- | --- |
| MOVIECREDITS (EMVC) | 0xd3f5056d9a112ca81b0e6f9f47f3285aa44c6aaa |
| Fox Token | 0x8a883a20940870dc055f2070ac8ec847ed2d9918 |

SafeMath again proves its value in this case. However, make sure you use the right version of SafeMath in all smart contracts that have arithmetic operations.
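One way to check a contract source for the assert() pattern described above, as an added example that is not PeckShield's scanner and not code from this post: a heuristic Python check that reports whether a Solidity source defines its own assert() and whether that helper can ever abort. The Solidity samples, the function names and the regex heuristic are constructed assumptions.

```python
import re

# Constructed Solidity 0.4-style sample of the flawed pattern (not Figure 1's code).
FLAWED = """
contract SafeMath {
    function assert(bool assertion) internal {
        if (!assertion) { return; }
    }
    function safeSub(uint256 a, uint256 b) internal returns (uint256) {
        assert(b <= a);
        return a - b;
    }
}
"""
# Constructed variants: a helper that aborts, and a contract using the built-in.
ENFORCING = FLAWED.replace("{ return; }", "{ throw; }")
BUILTIN = FLAWED[:FLAWED.index("function assert")] + FLAWED[FLAWED.index("function safeSub"):]

ASSERT_DEF = re.compile(r"function\s+assert\s*\([^)]*\)[^{;]*\{")
ABORTS = re.compile(r"\b(throw|revert|require)\b")

def strip_comments(src):
    """Drop /* */ and // comments so a commented-out 'throw' is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def function_body(src, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]

def audit_assert(src):
    """Report how calls to assert() resolve in a Solidity source string."""
    src = strip_comments(src)
    m = ASSERT_DEF.search(src)
    if m is None:
        return "builtin"
    body = function_body(src, m.end() - 1)
    return "shadowed-enforcing" if ABORTS.search(body) else "shadowed-noop"

if __name__ == "__main__":
    for name, src in (("FLAWED", FLAWED), ("ENFORCING", ENFORCING), ("BUILTIN", BUILTIN)):
        print(name, audit_assert(src))
```

A "shadowed-noop" result means every assert() call in that source, including those inside safeAdd() and safeSub(), checks nothing; the heuristic only inspects the helper's own body, so a flagged contract still needs manual review.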

About Us

PeckShield Inc. is a leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (e.g., smart contract auditing), please contact us at telegram, twitter, or email.