ALERT: New batchOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10299)
Built on our earlier efforts in analyzing EOS tokens, we have developed an automated system to scan and analyze Ethereum-based (ERC-20) token transfers. Specifically, our system will automatically send out alerts if any suspicious transactions (e.g., involving unreasonably large tokens) occur.
In particular, on 4/22/2018, 03:28:52 a.m. UTC, our system raised an alarm which is related to an unusual BEC token transaction (shown in Figure 1). In this particular transaction, someone transferred an extremely large amount of BEC token —0x8000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000(63 0’s – In fact, there’re actually two such large token transfers, with each transfer involving the same amount of tokens from the same BeautyChain contract but to two different addresses).
Figure 1: A Suspicious BEC Token Transfer (with huge amount)
This anomaly prompted us the need to look into the related smart contract code. Our study shows that such transfer comes from an “in-the-wild” attack that exploits a previously unknown vulnerability in the contract. For elaboration, we call this particular vulnerabilitybatchOverflow. We point out that batchOverflow is essentially a classic integer overflow issue. In the following, we examine in more details the batchOverflow vulnerability.
Figure 2: The Vulnerable Function: batchTransfer()
The vulnerable function is located in batchTransfer and the code is shown in Figure 2. As indicated in line 257, the amount local variable is calculated as the product of cnt and_value. The second parameter, i.e., _value, can be an arbitrary 256 bits integer, say0x8000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000(63 0’s). By having two _receivers passed into batchTransfer(), with that extremely large_value, we can overflow amount and make it zero. With amount zeroed, an attacker can then pass the sanity checks in lines 258-259 and make the subtraction in line 261 irrelevant. Finally, here comes the interesting part: as shown in lines 262-265, the balance of the two receivers would be added by the extremely large _value without costing a dime in the the attacker’s pocket!
With that, we further run our system to scan and analyze other contracts. Our results show that more than a dozen of ERC20 contracts are also vulnerable to batchOverflow. To demonstrate, we have successfully transacted with one vulnerable contract (that is not tradable in any exchange) as our proof-of-concept exploit (Figure 3).
By the time of writing this blog, we have also made efforts to contact the teams who own these vulnerable contracts. However, with the touted “code-is-law” principle in Ethereum blockchain, there is no traditional well-known security response mechanism in place to remedy these vulnerable contracts! Moreover, with potential values associated with these tokens, we, as a third-party independent security team, unfortunately are not in the position to react by suspending the trading of vulnerable tokens in various exchanges. Fortunately, effectively at 4:12 p.m. GMT+8, OKEx made an announcement to suspend the withdrawal and trading of BeautyChain (BEC), a batchOverflow-affected token. However, other exchanges also need to be coordinated and there still exist other tradable tokens vulnerable to batchOverflow! The presence of non-centralized exchanges with offline trading services might pose additional challenges as they cannot even stop attackers from laundering their tokens.
On the other hand, we might face additional serious complexities. Specifically, it is very likely for an attacker to possess a huge amount of tokens by exploiting these vulnerable contracts. What if she go to a cryptocurrency exchange and start to trade those tokens for ETH, BTC, or even USD? With the extremely large amount of tokens in possession (likely larger than totalSupply in circulation), the attack might easily manipulate the price of related cryptocurrencies. This immediately reminds us the very recent Binance incident [1] happened early last month that the criminal crew drove up Viacoin by controlling Binance customers’ accounts to cash out on the other side.
References
- [1] [Binance Hack Linked To Viacoin Pump, March, 2018]: https://hackernoon.com/alleged-hack-of-binance-linked-to-viacoin-pump-bb9066bf96bf
相關文章
- New proxyOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10376)
- New multiOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-10706)IDE
- New burnOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-11239)IDE
- New allowAnyone Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-11397, CVE-2018-11398)IDE
- New ceoAnyone Bug Identified in Multiple Crypto Game Smart Contracts (CVE-2018-11329)IDEGAM
- New evilReflex Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-12702, CVE-2018-12703)FlexIDE
- New ownerAnyone Bug Allows For Anyone to ''Own'' Certain ERC20-Based Smart Contracts (CVE-2018-10705AI
- 由於潛在BatchOverFlow漏洞,多個交易所暫停ERC20代幣交易BAT
- SMART goals - SMART objectivesGoObject
- Fixed the bug:while running alert/confirm in javascript the chrome freezesWhileJavaScriptChrome
- Oracel 12c Alert日誌中的Creating new log segment
- Manual Log Switching Causing Cannot Allocate New Log in Alert Log_435887.1
- CVE-2018-10944: Vulnerability of ROC(aka Rasputin Online Coin) smart contract (Ethereum ERC20 token)
- Smart Clientclient
- Multiple Regression
- CodeForces 908B New Year and Buggy Bot
- Queries to view Alert Log content And Alert LocationView
- JavaScript alert()JavaScript
- [BUG反饋]onethink 登陸時呼叫$User = new UserApi; 報錯。API
- oracle 9i wrap加密,需要指定edubug=wrap_new_sqlOracle加密SQL
- SMART Goal SettingGo
- JavaScript select multipleJavaScript
- Small Multiple(最短路)
- DataGridView with multiple tableView
- Multiple Buffer Pools (83)
- Multiple Block Sizes (53)BloC
- openzeppelin/contracts/utils/Counters.sol" not found
- oracle alert日誌每天截斷truncate_alert.shOracle
- Bug 3248886 - Continous 'restarting dead background process qmn0' message in alert.logREST
- New start new hope!
- 重構smart-importImport
- Slither: A Static Analysis Framework For SmartFramework
- Smart Value Help 總結
- 6.7.Propel-smart,easyobjectpersistenceObject
- Laravel 原始碼閱讀指南 -- Contracts 契約Laravel原始碼
- 對話#28:Contracts, Promises, and Mere Semantics (轉)Promise
- 2.3.6.2 Synchronization of Multiple ApplicationsAPP
- Multiple Books多賬薄