CryptoAudit on Nostr: In this contract, attacker by buying 112 USDT and then buying 101 TCR using USDT and ...
In this contract, the attacker bought 112 USDT, used it to buy 101 TCR and then sold those 101 TCR, obtaining 600K USDT.
https://etherscan.io/tx/0x81e9918e248d14d78ff7b697355fd9f456c6d7881486ed14fdfb69db16631154
https://etherscan.io/token/0xe38b72d6595fd3885d1d2f770aa23e94757f91a1#code#L159

The root cause is in the burnFrom function. Its allowance check reads `_allowance[msg.sender][from]`, the amount the caller has approved to `from`, instead of the amount `from` has approved to the caller. As a result, any account A can burn tokens from any other account B simply by approving that number of tokens to B.
The attacker approved a huge amount of tokens to the Uniswap pool, then bought 101 TCR. He then used this bug to burn the TCR held by the pool, which drove the price of TCR up, and finally sold the TCR he had bought.
```solidity
// Wrong direction: this is the allowance msg.sender granted to `from`,
// which msg.sender can set freely via approve().
require(_allowance[msg.sender][from] >= amount, ERROR_ATL);
```
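As an added illustration (not the TCR contract's code), the minimal token below places the flawed check beside a corrected burnFrom. The contract name, the `balanceOf`/`_burn` helpers and the mapping layout `_allowance[owner][spender]` (owner has approved spender) are assumptions for this example; `_allowance` and `ERROR_ATL` are the names from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20-style token sketch written for this note (assumed layout, not the TCR contract).
// _allowance[owner][spender] is the amount `owner` has approved `spender` to spend.
contract BurnFromExample {
    string constant ERROR_ATL = "allowance too low";

    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) private _allowance;
    uint256 public totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        totalSupply = supply;
        emit Transfer(address(0), msg.sender, supply);
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        _allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function allowance(address owner, address spender) external view returns (uint256) {
        return _allowance[owner][spender];
    }

    // VULNERABLE (the pattern from the post): the indices are swapped, so this reads
    // the allowance the *caller* granted to `from`. The caller controls that value
    // through approve(), so the check never protects `from`.
    function burnFromVulnerable(address from, uint256 amount) external {
        require(_allowance[msg.sender][from] >= amount, ERROR_ATL);
        _burn(from, amount);
    }

    // FIXED: check and consume the allowance that `from` granted to the caller,
    // which only `from` can set.
    function burnFrom(address from, uint256 amount) external {
        uint256 allowed = _allowance[from][msg.sender];
        require(allowed >= amount, ERROR_ATL);
        _allowance[from][msg.sender] = allowed - amount;
        _burn(from, amount);
    }

    function _burn(address from, uint256 amount) internal {
        require(balanceOf[from] >= amount, "balance too low");
        balanceOf[from] -= amount;
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
    }
}
```

The review check is mechanical: in any `transferFrom`/`burnFrom`-style function, the first index into the allowance mapping must be the account whose balance is reduced (`from`), and the second must be `msg.sender`; a correct implementation also decrements that allowance so it cannot be reused.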
You can easily write a rule for this pattern with the @semgrep tool and find all similar cases.
Published at 2024-09-17 18:02:54