transferFrom() can steal allowance of other accounts
Description
The transferFrom() function can be used to steal the allowance of other accounts due to incorrect approval logic: the allowance that is checked and decremented is the one the token holder granted to `recipient`, not the one granted to the caller (msg.sender), so any account can spend an allowance that was granted to someone else. This can lead to unauthorized transfers of funds.
Examples
Insecure Code

```solidity
function transferFrom(address sender, address recipient, uint256 amount) public override returns (bool) {
    _transfer(sender, recipient, amount);
    // Bug: decrements the allowance granted to `recipient`; the caller (msg.sender) is never checked
    _approve(sender, recipient, allowance(sender, recipient).sub(amount, "ERC20: transfer amount exceeds allowance"));
    return true;
}
```

Secure Code
```solidity
function transferFrom(address sender, address recipient, uint256 amount) public override returns (bool) {
    _transfer(sender, recipient, amount);
    // Spend the allowance the sender granted to the caller, as the ERC20 standard requires
    _approve(sender, _msgSender(), allowance(sender, _msgSender()).sub(amount, "ERC20: transfer amount exceeds allowance"));
    return true;
}
```

Remediation
Update the approval logic so that transferFrom() checks and decrements the allowance the sender granted to the caller (msg.sender), not the allowance granted to the recipient.
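As an added illustration (not part of the original rule or the referenced contract), the following Python model reproduces the vulnerable and fixed allowance logic so the difference can be checked without a chain; account names are constructed.

```python
# Added example (not the audited contract): a minimal Python model of ERC20
# balances/allowances reproducing the approval bug above. Names are constructed.
from collections import defaultdict

class Token:
    def __init__(self):
        self.balances = defaultdict(int)    # account -> balance
        self.allowances = defaultdict(int)  # (owner, spender) -> allowance

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def _transfer(self, sender, recipient, amount):
        if self.balances[sender] < amount:
            raise ValueError("ERC20: transfer amount exceeds balance")
        self.balances[sender] -= amount
        self.balances[recipient] += amount

    def _spend_allowance(self, owner, spender, amount):
        # Checked before the transfer so a failure leaves state untouched, as a revert would.
        if self.allowances[(owner, spender)] < amount:
            raise ValueError("ERC20: transfer amount exceeds allowance")
        self.allowances[(owner, spender)] -= amount

    def transfer_from_vulnerable(self, caller, sender, recipient, amount):
        # Bug: spends the (sender, recipient) allowance; `caller` is never checked,
        # so anyone can consume an allowance the sender granted to someone else.
        self._spend_allowance(sender, recipient, amount)
        self._transfer(sender, recipient, amount)
        return True

    def transfer_from_fixed(self, caller, sender, recipient, amount):
        # Fix: spend the allowance the sender granted to the caller (msg.sender).
        self._spend_allowance(sender, caller, amount)
        self._transfer(sender, recipient, amount)
        return True

def demo(fixed):
    """alice approves bob for 50; mallory, holding no allowance, calls
    transferFrom(alice, bob, 50). Returns (ok, alice, bob, bob's remaining allowance)."""
    t = Token()
    t.balances["alice"] = 100
    t.approve("alice", "bob", 50)
    fn = t.transfer_from_fixed if fixed else t.transfer_from_vulnerable
    try:
        ok = fn("mallory", "alice", "bob", 50)
    except ValueError:
        ok = False
    return ok, t.balances["alice"], t.balances["bob"], t.allowances[("alice", "bob")]
```

With the vulnerable logic mallory's call succeeds and burns bob's allowance; with the fix it is rejected and a legitimate spender's own allowance still works.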
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0435 |
| Category | Crypto |
| Severity | CRITICAL |
| CWE | CWE-688 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | smart contract, ethereum |
| OWASP | N/A |
References
- https://medium.com/immunefi/redacted-cartel-custom-approval-logic-bugfix-review-9b2d039ca2c5
- https://etherscan.io/address/0x186E55C0BebD2f69348d94C4A27556d93C5Bd36C