[SECURITY DISCLOSURE] Critical Vulnerability found in ERC6909.sol #1024

@rbxict

BUG REPORT

Contract Name: ERC6909
Severity: CRITICAL
Bugs Found: 3

Bug 1: Unprotected Function - transfer

  • Description: The transfer function does not check if the sender has a sufficient balance before transferring tokens.
  • Impact: This allows an attacker to transfer more tokens than they own, potentially leading to unintended behavior or exploits.
  • Recommendation: Add a balance check before transferring tokens. The corrected function should look like this:
function transfer(address receiver, uint256 id, uint256 amount) public virtual returns (bool) {
    require(balanceOf[msg.sender][id] >= amount, "INSUFFICIENT_BALANCE");
    balanceOf[msg.sender][id] -= amount;
    balanceOf[receiver][id] += amount;
    emit Transfer(msg.sender, msg.sender, receiver, id, amount);
    return true;
}

Bug 2: Unprotected Function - transferFrom

  • Description: The transferFrom function does not check if the sender has a sufficient balance before transferring tokens.
  • Impact: This allows an attacker to transfer more tokens than the sender owns, potentially leading to unintended behavior or exploits.
  • Recommendation: Add a balance check before transferring tokens. The corrected function should look like this:
function transferFrom(address sender, address receiver, uint256 id, uint256 amount) public virtual returns (bool) {
    require(balanceOf[sender][id] >= amount, "INSUFFICIENT_BALANCE");
    if (msg.sender != sender && !isOperator[sender][msg.sender]) {
        uint256 allowed = allowance[sender][msg.sender][id];
        if (allowed != type(uint256).max) allowance[sender][msg.sender][id] = allowed - amount;
    }
    balanceOf[sender][id] -= amount;
    balanceOf[receiver][id] += amount;
    emit Transfer(msg.sender, sender, receiver, id, amount);
    return true;
}

Bug 3: Unprotected Function - _burn

  • Description: The _burn function does not check if the sender has a sufficient balance before burning tokens.
  • Impact: This allows an attacker to burn more tokens than the sender owns, potentially leading to unintended behavior or exploits.
  • Recommendation: Add a balance check before burning tokens. The corrected function should look like this:
function _burn(address sender, uint256 id, uint256 amount) internal virtual {
    require(balanceOf[sender][id] >= amount, "INSUFFICIENT_BALANCE");
    balanceOf[sender][id] -= amount;
    emit Transfer(msg.sender, sender, address(0), id, amount);
}

Additional Recommendations

  • Consider adding input validation for id and amount parameters to prevent potential reentrancy attacks.
  • Add events for OperatorSet and Approval functions to improve contract transparency.
  • Review the contract's logic and ensure that it aligns with the ERC6909 standard.

By addressing these issues, the contract can be made more secure and resilient to potential attacks.


RECOMMENDATION: Immediate patch required. Bug Bounty Payout Address (ERC20): 0xe744f6791a685b0A0cC316ED44375B69361c837F
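
A check a reviewer can run when triaging a report like the one above, as an added example that is not part of the original issue and not the project's ERC6909.sol: whether an explicit `require` on the balance changes anything depends on whether `balance -= amount` is compiled with Solidity 0.8 checked arithmetic or sits inside an `unchecked` block. `LedgerProbe`, `LedgerProbeTest`, `transferChecked`, `transferUnchecked` and the `0xBEEF` receiver are hypothetical names constructed for this harness, and a 0.8.x compiler is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed harness, not the project's ERC6909.sol. It isolates one question:
// what does `balance -= amount` do when amount exceeds the balance?
contract LedgerProbe {
    mapping(address => mapping(uint256 => uint256)) public balanceOf;

    function mint(address to, uint256 id, uint256 amount) external {
        balanceOf[to][id] += amount;
    }

    // No explicit require; default 0.8 checked arithmetic guards the subtraction.
    function transferChecked(address receiver, uint256 id, uint256 amount) external returns (bool) {
        balanceOf[msg.sender][id] -= amount; // underflow raises Panic(0x11) and reverts
        balanceOf[receiver][id] += amount;
        return true;
    }

    // Same body inside `unchecked`: here an explicit balance check would be
    // the only thing standing between an overdraft and a wrapped balance.
    function transferUnchecked(address receiver, uint256 id, uint256 amount) external returns (bool) {
        unchecked {
            balanceOf[msg.sender][id] -= amount; // wraps modulo 2**256
            balanceOf[receiver][id] += amount;
        }
        return true;
    }
}

// Drives both paths with an overdraft: balance of 5, transfer of 6.
contract LedgerProbeTest {
    function run() external returns (uint256 panicCode, uint256 afterChecked, uint256 afterUnchecked) {
        LedgerProbe probe = new LedgerProbe();
        address receiver = address(0xBEEF); // constructed address
        probe.mint(address(this), 1, 5);

        try probe.transferChecked(receiver, 1, 6) {
        } catch Panic(uint256 code) {
            panicCode = code; // 0x11 is the arithmetic overflow/underflow panic
        }
        afterChecked = probe.balanceOf(address(this), 1); // unchanged: the revert rolled the call back

        probe.transferUnchecked(receiver, 1, 6);
        afterUnchecked = probe.balanceOf(address(this), 1); // wrapped value from the unchecked path
    }
}
```

Deploy `LedgerProbeTest` with any 0.8.x toolchain and call `run()` to compare the two paths against the same overdraft.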
