Abstract

I found a vulnerability in the smart contract of UselessEthereumToken (UET), an Ethereum ERC20 token (CVE-2018-10468) [1]. Attackers can steal a victim's entire balance into their own account because of an incorrect if statement in the transferFrom function.

Details

The ERC20 token standard defines the transferFrom function as follows [2]:

Transfers _value amount of tokens from address _from to address _to , and MUST fire the Transfer event.

It transfers balances of address _from to address _to, up to at most _allowed[_from][msg.sender]. That is the original functionality of the transferFrom function.

Figure 1. Code of transferFrom function in UET smart contract

However, as you can see in Figure 1, transferFrom in the UET smart contract is weird [3]. With that code, a user can transfer more than address _from holds if balances[_to] + _value overflows. It should be fixed as follows:

    bool sufficientFunds = fromBalance >= _value;
    bool sufficientAllowance = allowance >= _value;
    bool overflowed = balances[_to] + _value > balances[_to];
    if (sufficientFunds && sufficientAllowance && overflowed) {

The direction of both inequalities should be reversed, and the '!' in front of the overflowed variable in the if condition should be removed.

What can attackers do?

Attackers can steal the balances of target addresses into their own address. They simply select a _value large enough to make the overflowed variable false, and select _to as their own address. If an attacker sends a transaction with those arguments, the condition of the if statement at line 60 passes and the balances are manipulated.
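To make the direction of the checks concrete, here is an added example (not the UET contract's code and not from the post) that models uint256 wrapping arithmetic in Python and runs the guard as the post describes Figure 1 alongside the corrected guard from the fix above; it serves both the fix and the attack description in this section. The account names, the starting balances in fresh_state(), the standard ERC20 state updates in apply_transfer() and the sender_never_gains() invariant are constructed for this model and are not taken from the contract.

```python
# Added example, not code from the UET contract or the post. Solidity uint256
# arithmetic (pre-0.8 semantics) wraps modulo 2**256; this model reproduces that
# so the two transferFrom guards can be compared on realistic inputs.

MASK = (1 << 256) - 1  # uint256 wraps modulo 2**256


def u256_add(a: int, b: int) -> int:
    return (a + b) & MASK


def u256_sub(a: int, b: int) -> int:
    # Python's & on a negative int yields the two's-complement wrap-around
    return (a - b) & MASK


def guard_as_deployed(from_balance: int, allowance: int, to_balance: int, value: int) -> bool:
    """Guard as the post describes Figure 1: both inequalities point the wrong way
    and the overflow flag is negated. 'overflowed' is True exactly when the addition
    did NOT wrap, so '!overflowed' passes only when it did."""
    sufficient_funds = from_balance <= value
    sufficient_allowance = allowance <= value
    overflowed = u256_add(to_balance, value) > to_balance
    return sufficient_funds and sufficient_allowance and not overflowed


def guard_fixed(from_balance: int, allowance: int, to_balance: int, value: int) -> bool:
    """Corrected guard from the post: '>=' comparisons and no '!'. The variable keeps
    the contract's misleading name: for value > 0 it is True when the addition did
    not wrap, which is the safe case. For value == 0 it is False, so this guard
    rejects zero-value transfers."""
    sufficient_funds = from_balance >= value
    sufficient_allowance = allowance >= value
    overflowed = u256_add(to_balance, value) > to_balance
    return sufficient_funds and sufficient_allowance and overflowed


def fresh_state() -> dict:
    """Constructed sample state: 'holder' owns 100 tokens and has approved 'spender'
    for 50; 'recipient' owns 10."""
    return {
        "balances": {"holder": 100, "recipient": 10},
        "allowed": {("holder", "spender"): 50},
    }


def apply_transfer(state: dict, guard, frm: str, to: str, spender: str, value: int) -> bool:
    """Run `guard`, then the usual ERC20 transferFrom updates with wrapping arithmetic
    (assumed here; the post's Figure 1 is an image). Returns True if the transfer
    went through, False if the guard rejected it and state is untouched."""
    balances, allowed = state["balances"], state["allowed"]
    from_balance = balances.get(frm, 0)
    allowance = allowed.get((frm, spender), 0)
    to_balance = balances.get(to, 0)
    if not guard(from_balance, allowance, to_balance, value):
        return False
    balances[to] = u256_add(to_balance, value)
    balances[frm] = u256_sub(balances.get(frm, 0), value)  # re-read in case to == frm
    allowed[(frm, spender)] = u256_sub(allowance, value)
    return True


def sender_never_gains(state_before: dict, state_after: dict, frm: str) -> bool:
    """Invariant a reviewer or test suite would check after any accepted transferFrom:
    the _from balance must never increase."""
    return state_after["balances"].get(frm, 0) <= state_before["balances"].get(frm, 0)


if __name__ == "__main__":
    import copy

    oversized = (1 << 256) - 5  # far above any real balance; makes balances[_to] + value wrap

    s = fresh_state()
    print("fixed guard, normal 30-token transfer:",
          apply_transfer(s, guard_fixed, "holder", "recipient", "spender", 30), s["balances"])
    print("fixed guard, oversized value:",
          apply_transfer(fresh_state(), guard_fixed, "holder", "recipient", "spender", oversized))

    print("deployed guard, normal 30-token transfer:",
          apply_transfer(fresh_state(), guard_as_deployed, "holder", "recipient", "spender", 30))
    before = fresh_state()
    after = copy.deepcopy(before)
    print("deployed guard, oversized value:",
          apply_transfer(after, guard_as_deployed, "holder", "recipient", "spender", oversized))
    print("holder balance never grows:", sender_never_gains(before, after, "holder"))
```

Two things stand out when the model runs: the deployed guard rejects an ordinary transfer (100 is not <= 30), while a value larger than both the balance and the allowance passes it and leaves the _from balance higher than before, which is exactly the invariant a regression test should pin down.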

Exploits

It seems that it has already been exploited several times by someone. I found two exploit transactions that tried to transfer a huge number of tokens [4][5].

Figure 2. Exploit transaction at 04/20/2018

Figure 3. Exploit transaction at 04/27/2018

Is the UET token a scam?

After I found this vulnerability, I visited the official homepage of Useless Ethereum Token [6]. On that page, they say: "Seriously, don't buy these tokens".

Figure 4. Official page of UET token

If you visit the official page and read all the text on it, you will realize that it is a scam. However, the developer honestly says not to buy it because the token has no value at all. Nevertheless, many people bought UET tokens, and it collected about 310.445 Ether (about $226,274 at the time of writing) during its crowdsale. Moreover, it is listed on the HitBTC exchange [7] (deposits and withdrawals are currently disabled).

Reports

I reported it to the developer of the UET token and to ethereum.org, and obtained a CVE id. Around the same time, the PeckShield team reported it and received the same CVE id. They had already published an article before me [8]. The CVE team confirmed that I reported first and that PeckShield sent their request 30 hours later. So the CVE team assigned the same CVE id to both me and PeckShield, but PeckShield published their article first.

Conclusion

Developers should always pay attention to the direction of inequalities. Sometimes it causes serious security vulnerabilities in smart contracts, as well as in many other kinds of software. However, in this case, I strongly suspect that the bug is intentional. Therefore, people should be careful when they purchase crypto tokens.

References