ALERT: New batchOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10299)
Built on our earlier efforts in analyzing EOS tokens, we have developed an automated system to scan and analyze Ethereum-based (ERC-20) token transfers. Specifically, our system will automatically send out alerts if any suspicious transactions (e.g., involving unreasonably large tokens) occur.
In particular, on 4/22/2018, 03:28:52 a.m. UTC, our system raised an alarm which is related to an unusual BEC token transaction (shown in Figure 1). In this particular transaction, someone transferred an extremely large amount of BEC token —0x8000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000(63 0’s – In fact, there’re actually two such large token transfers, with each transfer involving the same amount of tokens from the same BeautyChain contract but to two different addresses).
Figure 1: A Suspicious BEC Token Transfer (with huge amount)
This anomaly prompted us the need to look into the related smart contract code. Our study shows that such transfer comes from an “in-the-wild” attack that exploits a previously unknown vulnerability in the contract. For elaboration, we call this particular vulnerabilitybatchOverflow. We point out that batchOverflow is essentially a classic integer overflow issue. In the following, we examine in more details the batchOverflow vulnerability.
Figure 2: The Vulnerable Function: batchTransfer()
The vulnerable function is located in batchTransfer and the code is shown in Figure 2. As indicated in line 257, the amount local variable is calculated as the product of cnt and_value. The second parameter, i.e., _value, can be an arbitrary 256 bits integer, say0x8000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000,0000(63 0’s). By having two _receivers passed into batchTransfer(), with that extremely large_value, we can overflow amount and make it zero. With amount zeroed, an attacker can then pass the sanity checks in lines 258-259 and make the subtraction in line 261 irrelevant. Finally, here comes the interesting part: as shown in lines 262-265, the balance of the two receivers would be added by the extremely large _value without costing a dime in the the attacker’s pocket!
With that, we further run our system to scan and analyze other contracts. Our results show that more than a dozen of ERC20 contracts are also vulnerable to batchOverflow. To demonstrate, we have successfully transacted with one vulnerable contract (that is not tradable in any exchange) as our proof-of-concept exploit (Figure 3).
By the time of writing this blog, we have also made efforts to contact the teams who own these vulnerable contracts. However, with the touted “code-is-law” principle in Ethereum blockchain, there is no traditional well-known security response mechanism in place to remedy these vulnerable contracts! Moreover, with potential values associated with these tokens, we, as a third-party independent security team, unfortunately are not in the position to react by suspending the trading of vulnerable tokens in various exchanges. Fortunately, effectively at 4:12 p.m. GMT+8, OKEx made an announcement to suspend the withdrawal and trading of BeautyChain (BEC), a batchOverflow-affected token. However, other exchanges also need to be coordinated and there still exist other tradable tokens vulnerable to batchOverflow! The presence of non-centralized exchanges with offline trading services might pose additional challenges as they cannot even stop attackers from laundering their tokens.
On the other hand, we might face additional serious complexities. Specifically, it is very likely for an attacker to possess a huge amount of tokens by exploiting these vulnerable contracts. What if she go to a cryptocurrency exchange and start to trade those tokens for ETH, BTC, or even USD? With the extremely large amount of tokens in possession (likely larger than totalSupply in circulation), the attack might easily manipulate the price of related cryptocurrencies. This immediately reminds us the very recent Binance incident [1] happened early last month that the criminal crew drove up Viacoin by controlling Binance customers’ accounts to cash out on the other side.
References
- [1] [Binance Hack Linked To Viacoin Pump, March, 2018]: https://hackernoon.com/alleged-hack-of-binance-linked-to-viacoin-pump-bb9066bf96bf
相關文章
- New proxyOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10376)
- New multiOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-10706)IDE
- New burnOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-11239)IDE
- New evilReflex Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-12702, CVE-2018-12703)FlexIDE
- New allowAnyone Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-11397, CVE-2018-11398)IDE
- New ceoAnyone Bug Identified in Multiple Crypto Game Smart Contracts (CVE-2018-11329)IDEGAM
- New ownerAnyone Bug Allows For Anyone to ''Own'' Certain ERC20-Based Smart Contracts (CVE-2018-10705AI
- 由於潛在BatchOverFlow漏洞,多個交易所暫停ERC20代幣交易BAT
- CVE-2018-10944: Vulnerability of ROC(aka Rasputin Online Coin) smart contract (Ethereum ERC20 token)
- SMART goals - SMART objectivesGoObject
- 【BUG】ORA-00600 [17147] ORA-48216 When Querying V$DIAG_ALERT_EXT ViewView
- Bug 12725963 - New database connection fails with ORA-12541 after vip failoverDatabaseAI
- JavaScript alert()JavaScript
- [BUG反饋]onethink 登陸時呼叫$User = new UserApi; 報錯。API
- 禁用alert() 方法
- openzeppelin/contracts/utils/Counters.sol" not found
- ERC20介紹
- JavaScript select multipleJavaScript
- Logstash Multiple Pipelines
- oracle alert日誌Oracle
- Smart Industry Operations
- Small Multiple(最短路)
- 2.3.6.2 Synchronization of Multiple ApplicationsAPP
- LLM multiple modal applicationsAPP
- kubernetes traefik multiple namespacesnamespace
- Laravel 原始碼閱讀指南 -- Contracts 契約Laravel原始碼
- 關於自定義 Alert
- prometheus: 安裝alert managerPrometheus
- new self()與new static()
- The phenomenon of smart contract honeypots
- Multiple Books多賬薄
- POJ1426-Find The Multiple
- 歸檔oracle alert日誌Oracle
- New
- 重構smart-importImport
- Slither: A Static Analysis Framework For SmartFramework
- Smart Value Help 總結
- onClick事件中點選跳轉新的activity提示FLAG_ACTIVITY_NEW_TASK的奇怪bug事件