Fatal TransferMint Bug in Multiple TRC20 Smart Contracts
On 2019/04/08, PeckShield researchers identified a new type of vulnerability, TransferMint, in multiple TRC20 smart contracts, which could be exploited by attackers to mint unlimited tokens. This bug is similar to the ones we identified in ERC20 smart contracts in 2018, such as batchOverflow, proxyOverflow, transferFlaw, and ownerAnyone. However, the TransferMint bug identified in TRC20 contracts differs slightly from the previous ones.
According to our data, there are 20+ smart contracts or dapps which are vulnerable to TransferMint. Upon identifying the issue, PeckShield researchers reported the problem to the owners of the vulnerable TRC20 contracts, including Iseri Project and RockstarToken, and notified exchanges to suspend deposits and withdrawals of those tokens. Now it’s time to disclose the vulnerable contracts:
| Contracts Vulnerable to TransferMint |
|---|
| TUYVZudnCQq8y6JjL65FhLQYDurpQ4NBD2 |
| TSmd4ku6DJXHuXadNsxERMgcZQdu6MPJXm |
| TAcDiVjMK1Ch3VJeMzmFnH1RoYrnEYDPyt |
| TC6o5RdXrvSQGtCedYja1KvnZTtSy681uS |
| TCxTmkY4q2pNYrNV6zLHJWvsbZtYXqDTjN |
| TDFd3ShioizhsHqTdSZSfhYRxtdXBvCJCN |
| TMTHXUTLRksDhFFd694uYvkYxRL68UdezX |
| TAs5gCuGtQyhu822CG3CgsKX8Afs2aPtRv |
| TZ4uWjo43gDEfpG5vtPgtN2JxzppryBubn |
| TP4vE9qxphZ37Njniw6NPZspFUD1eT2xRs |
| TB2SqC48afC9FX36bPQQHatoKo5m79JXKL |
| TYFP5hNf3vQCAZo6TmnGTaAZHRABRQKisW |
| TRu6xUwGHHRHDW3cGED2RsCMABByEinWn5 |
| TYkb8p83JgqKndTLLsypH9Z81VWc4Gifzn |
| TGUCrYGGzb8D6uBiyMHAR5EVRAuJAXoqpB |
| TJYd7Nqj3o7ZWveKVtZ4uG1vRNKSmci4JE |
| TTAxUH77DDxg62JnaosPYfZMBSnXuy6aWR |
| TNhYmahDUBAoUTtRrUFRPmnYwDCFiLMyVw |
In the above table, TNhYmahDUBAoUTtRrUFRPmnYwDCFiLMyVw and TJYd7Nqj3o7ZWveKVtZ4uG1vRNKSmci4JE belong to a famous TRON-based DApp, TronCrush.
According to the analysis by BESEC:
TronCrush is a TRON DApp which was greatly promoted by KOLs and listed by Kiwidex before the first bonus distribution. The TronCrush team contacted the top TRON exchange TronTrade to list their token TCC. On 3/26, the volume on the first day of mining reached 1.2B TRX. Because of the mining mania, the dev team of TronCrush suspended the game for maintenance multiple times, which affected the volume on 3/27 and 3/28. At midnight on 3/29, the first bonus distribution day, TronTrade suspended TCC transfers. For this, the TronCrush team declared that the smart contract of TCC has some bugs. The problem is under investigation but the game is not suspended.
Details
TRON TRC20 is a token standard compatible with Ethereum ERC20. It has the following functions:

Among the above functions, `transfer(address to, uint tokens)` is used to transfer `tokens` tokens to the address `to`. However, each contract creator may implement it differently. Here, we use the TRC20 IRC smart contract of Iseri Project as an example to explain the details of TransferMint.

The logic of `_transfer(address _from, address _to, uint256 _value)` is explained as follows:
- If `_to` is 0, return;
- Retrieve the balance of `_from` and store it into `oldFromVal`;
- If `_value <= 0` or `oldFromVal < _value`, return;
- Retrieve the balance of `_to` and store it into `oldToVal`;
- `newFromVal = oldFromVal - _value`;
- `newToVal = oldToVal + _value`;
- If `newToVal <= oldToVal`, return;
- Store `newFromVal` into `balances[_from]`;
- Store `newToVal` into `balances[_to]`;
- Make sure `(oldFromVal + oldToVal) == (newFromVal + newToVal)`, i.e. that no integer overflow occurred.
In normal cases, there’s no problem at all.
However, when `_from` is identical to `_to`, something magical happens.

When `_from == _to`, line 81 is overwritten by line 82. Therefore, the balance of `_from` would be `newToVal`, which is `oldToVal + _value`, i.e. `oldFromVal + _value`.
As a result, one can set `balances[_from] = oldFromVal + _value`, with any `_value` less than or equal to `balances[_from]`, simply by a loopback transfer call (a transfer to one's own address). That is why we name the loophole TransferMint: it allows the total supply of the token to be increased arbitrarily, which badly affects the ecosystem.
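To make the step list above and the self-transfer case concrete, here is an added Solidity example written for this post; it is not the Iseri Project IRC source nor the code of any contract listed in the table. `VulnerableToken._transfer` is assumed to follow the ten steps exactly as described, `HardenedToken` shows the fix in the checks-then-sequential-updates pattern that OpenZeppelin's ERC20 uses (with Solidity 0.8 checked arithmetic standing in for SafeMath), and `SelfTransferDemo` is a constructed harness. The `ITRC20` interface, the contract names, and the `initialSupply`, `supply` and `value` parameters are all assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example for this post; not the Iseri Project IRC code nor any listed contract.
// Function set of TRC20 (identical to ERC20), shown for reference.
interface ITRC20 {
    function totalSupply() external view returns (uint256);
    function balanceOf(address owner) external view returns (uint256);
    function transfer(address to, uint256 tokens) external returns (bool);
    function transferFrom(address from, address to, uint256 tokens) external returns (bool);
    function approve(address spender, uint256 tokens) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
    event Transfer(address indexed from, address indexed to, uint256 tokens);
    event Approval(address indexed owner, address indexed spender, uint256 tokens);
}

// Reconstruction of the vulnerable _transfer, assumed to follow the ten steps
// described in the post; it is not the real contract source.
contract VulnerableToken {
    mapping(address => uint256) public balances;
    uint256 public totalSupply;

    constructor(uint256 initialSupply) {
        totalSupply = initialSupply;
        balances[msg.sender] = initialSupply;
    }

    function _transfer(address _from, address _to, uint256 _value) internal {
        if (_to == address(0)) return;                   // step 1
        uint256 oldFromVal = balances[_from];            // step 2
        if (_value <= 0 || oldFromVal < _value) return;  // step 3
        uint256 oldToVal = balances[_to];                // step 4: same slot as _from on a self-transfer
        uint256 newFromVal = oldFromVal - _value;        // step 5
        uint256 newToVal = oldToVal + _value;            // step 6
        if (newToVal <= oldToVal) return;                // step 7: overflow guard (unreachable under 0.8 checked math)
        balances[_from] = newFromVal;                    // step 8
        balances[_to] = newToVal;                        // step 9: overwrites step 8 when _from == _to
        // step 10: still holds on a self-transfer, since both sides equal 2 * oldFromVal
        assert(oldFromVal + oldToVal == newFromVal + newToVal);
    }

    function transfer(address _to, uint256 _value) external returns (bool) {
        _transfer(msg.sender, _to, _value);
        return true;
    }
}

// Hardened form: validate first, then two sequential storage updates. The second
// update reads storage after the first, so from == to nets out to no change, and
// Solidity >= 0.8 reverts on arithmetic overflow (the role SafeMath played in 0.4.x).
contract HardenedToken {
    mapping(address => uint256) private _balances;
    uint256 public totalSupply;

    constructor(uint256 initialSupply) {
        totalSupply = initialSupply;
        _balances[msg.sender] = initialSupply;
    }

    function balanceOf(address owner) external view returns (uint256) {
        return _balances[owner];
    }

    function _transfer(address from, address to, uint256 value) internal {
        require(to != address(0), "transfer to the zero address");
        uint256 fromBalance = _balances[from];
        require(fromBalance >= value, "transfer amount exceeds balance");
        _balances[from] = fromBalance - value;
        _balances[to] += value; // reads the already-decremented balance when to == from
    }

    function transfer(address to, uint256 value) external returns (bool) {
        _transfer(msg.sender, to, value);
        return true;
    }
}

// Constructed harness: deploys both tokens (each credits this contract in its
// constructor), performs one self-transfer on each, and returns the resulting balances.
contract SelfTransferDemo {
    function run(uint256 supply, uint256 value)
        external
        returns (uint256 vulnerableAfter, uint256 hardenedAfter)
    {
        VulnerableToken v = new VulnerableToken(supply);
        HardenedToken h = new HardenedToken(supply);
        v.transfer(address(this), value);
        h.transfer(address(this), value);
        vulnerableAfter = v.balances(address(this));
        hardenedAfter = h.balanceOf(address(this));
    }
}
```

Deploy `SelfTransferDemo` and call `run(1000, 1000)`: following the arithmetic in the post, the vulnerable token leaves the harness holding `oldFromVal + _value`, i.e. 2000, while the hardened token still holds 1000. The sum check in step 10 cannot catch this, because on a self-transfer `oldFromVal + oldToVal` and `newFromVal + newToVal` are both `2 * oldFromVal`. A cheap monitoring check for token operators and exchanges is to compare the sum of all holder balances against `totalSupply` after transfers; any divergence indicates minting of this kind.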
Conclusion
For ERC20/TRC20 contracts, Ethereum/TRON provides open-source verified templates and libraries, for example, openzeppelin-solidity/SafeMath.sol at master · OpenZeppelin/openzeppelin-solidity and openzeppelin-solidity/ERC20.sol at master · OpenZeppelin/openzeppelin-solidity. Smart contract developers could leverage this code instead of reinventing the wheel. However, even when leveraging such code, in some cases the smart contracts may still be vulnerable due to common zero-days in the templates or libraries. Before deploying a contract, make sure to contact security firms and have an audit conducted.
About Us
PeckShield Inc. is a leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at telegram, twitter, or email.