Fatal TransferMint Bug in Multiple TRC20 Smart Contracts

On 2019/04/08, PeckShield researchers identified a new type of vulnerability, TransferMint in multiple TRC20 smart contracts, which could be exploited by attackers to mint unlimited tokens. This bug is similar to the ones we identified on ERC20 smart contracts in 2018, such as batchOverflow, proxyOverflow, transferFlaw, and ownerAnyone. However, the TransferMint bug identified on TRC20 contracts is a little bit different from the previous ones.

According to our data, there are 20+ smart contracts or dapps which are vulnerable to TransferMint. At the time we identified this, PeckShield researchers reported the problem to the owners of those vulnerable TRC20 contracts including Iseri Project and RockstarToken. Also, we notified exchanges to suspend deposits and withdrawals of those tokens. Now, it’s time to disclose the vulnerable contracts:

Contracts Vulnerable to TransferMint
TUYVZudnCQq8y6JjL65FhLQYDurpQ4NBD2
TSmd4ku6DJXHuXadNsxERMgcZQdu6MPJXm
TAcDiVjMK1Ch3VJeMzmFnH1RoYrnEYDPyt
TC6o5RdXrvSQGtCedYja1KvnZTtSy681uS
TCxTmkY4q2pNYrNV6zLHJWvsbZtYXqDTjN
TDFd3ShioizhsHqTdSZSfhYRxtdXBvCJCN
TMTHXUTLRksDhFFd694uYvkYxRL68UdezX
TAs5gCuGtQyhu822CG3CgsKX8Afs2aPtRv
TZ4uWjo43gDEfpG5vtPgtN2JxzppryBubn
TP4vE9qxphZ37Njniw6NPZspFUD1eT2xRs
TB2SqC48afC9FX36bPQQHatoKo5m79JXKL
TYFP5hNf3vQCAZo6TmnGTaAZHRABRQKisW
TRu6xUwGHHRHDW3cGED2RsCMABByEinWn5
TYkb8p83JgqKndTLLsypH9Z81VWc4Gifzn
TGUCrYGGzb8D6uBiyMHAR5EVRAuJAXoqpB
TJYd7Nqj3o7ZWveKVtZ4uG1vRNKSmci4JE
TTAxUH77DDxg62JnaosPYfZMBSnXuy6aWR
TNhYmahDUBAoUTtRrUFRPmnYwDCFiLMyVw

In the above table, TNhYmahDUBAoUTtRrUFRPmnYwDCFiLMyVw and TJYd7Nqj3o7ZWveKVtZ4uG1vRNKSmci4JE are belong to a famous TRON-based DApp, TronCrush. According to the analysis by BESEC:

TronCrush is a TRON DApp which is greatly promoted by KOLs and listed by Kiwidex before the first bonus distribution. TronCrush team contacts with the top TRON exchange TronTrade for listing their token TCC. On 3/26, the volume on the first day of mining reaches 1.2B TRX. Because of the mining mania, the dev team of TronCrush suspended the game for maintenance multiple times, which affects the volume of 3/27 and 3/28. At midnight of 3/29, the first bonus distribution day, TronTrade suspended TCC transfers. For this, TronCrush team declared that the smart contract of TCC has some bugs. The problem is under investigation but the game is not suspended.

Details

TRON TRC20 is a token standard compatible to Ethereum ERC20. It has the following functions:

In the above functions, the function transfer(address to, uint tokens) is used to transfer tokens ERC20 tokens to to. However, each contract creator may have a different implementation. Here, we use the TRC20 IRC smart contract of Iseri Project as an example to explain the details of TransferMint.

The logic of _transfer(address _from, address _to, uint256 _value) is explained as follows:

  1. If _to is 0, return;
  2. Retrieve the balance of _from and store it into oldFromVal;
  3. If _value <= 0 or oldFromVal < _value, return;
  4. Retrieve the balance of _to and store it into oldToVal;
  5. newFromVal = oldFromVal - _value;
  6. If newToVal <= oldToVal, return;
  7. newFromVal = oldFromVal - _value;
  8. Store newFromVal into balances[_from];
  9. Store newToVal into balances[_to];
  10. Make sure (oldFromVal + oldToVal) == (newFromVal + newToVal) — no integer overflow here.

In normal cases, there’s no problem at all. However, when _from is identical to _to, something magical happens.

When _from == _to, line 81 is overwritten by line 82. Therefore, the balance of _from would be newToVal which is oldToVal + _value or oldFromVal + _value. As a result, you can do balances[_from] = oldFromVal + _value with a _value less than or equal to balances[_from] by a loopback transfer call. That’s the reason we name the loophole TransferMint which leads to arbitrarily increasing the total supply of the token and badly affecting the ecosystem.

Conclusion

For ERC20/TRC20 contracts, Ethereum/TRON provides open-source verified templates and libraries, for example, openzeppelin-solidity/SafeMath.sol at master · OpenZeppelin/openzeppelin-solidity and openzeppelin-solidity/ERC20.sol at master · OpenZeppelin/openzeppelin-solidity. Smart contract developers could leverage the code instead of reinventing the wheels. However, while leveraging the code, in some cases, the smart contracts may be vulnerable due to common zero-days in the templates or libraries. Before deploying the contract, make sure to contact with security firms and conduct for an audit.

About Us

PeckShield Inc. is a leading blockchain security company with the goal of elevating the security, privacy, and usability of current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at telegram, twitter, or email.

Published

09 April 2019

Tags