I just want to report what I consider a vulnerability in your ERC20 implementation with regard to the reference specification of ERC20 described here
Description
The method transferFrom should have a guard to check that the balance of the address From is bigger than or equal to the _value.
Otherwise, a strange behavior is allowed such as described in the following trace:
Initial State : balances[0x2] = balances[0x1] = 0 and allowed[0x2][0x1] = 0
0x2:approve(0x1,1);
State : balances[0x2] = balances[0x1] = 0 and allowed[0x2][0x1] = 1
0x1:transferFrom(0x2,0x2,1);
State : balances[0x2] = balances[0x1] = 0 and allowed[0x2][0x1] = 0
The last method invocation should have failed if the method has a guard or if the instructions in lines 30 and 31 are swapped.
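The trace above, replayed in a small Python model (an added example, not the project's contract code). It assumes, as the remark about swapping lines 30 and 31 implies, that the body credits `_to` before debiting `_from` with underflow-checked subtraction; the class, helper and variant names are hypothetical.

```python
# Added model of the reported transferFrom behaviour; not the project's contract code.
# Assumption: the reported body credits _to, then debits _from with a checked
# subtraction. Variant names ("reported", "swapped", "guarded") are hypothetical.
from collections import defaultdict


class Revert(Exception):
    """Stands in for a reverted transaction (no state change is kept)."""


def checked_sub(a, b):
    if b > a:
        raise Revert("subtraction underflow")
    return a - b


class Token:
    def __init__(self, variant):
        self.variant = variant
        self.balances = {}
        self.allowed = defaultdict(int)  # keyed by (owner, spender)

    def approve(self, sender, spender, value):
        self.allowed[(sender, spender)] = value

    def transfer_from(self, sender, _from, _to, value):
        bal = dict(self.balances)  # work on a copy so a Revert leaves state untouched
        if self.variant == "guarded" and bal.get(_from, 0) < value:
            raise Revert("insufficient balance")  # the explicit guard asked for
        new_allowance = checked_sub(self.allowed[(_from, sender)], value)
        if self.variant == "swapped":
            bal[_from] = checked_sub(bal.get(_from, 0), value)  # debit first
            bal[_to] = bal.get(_to, 0) + value
        else:
            bal[_to] = bal.get(_to, 0) + value  # credit first: masks the shortfall
            bal[_from] = checked_sub(bal.get(_from, 0), value)  # when _from == _to
        self.balances, self.allowed[(_from, sender)] = bal, new_allowance


def replay_trace(variant):
    """Replay the reported trace; return (reverted, balance of 0x2, allowance)."""
    t = Token(variant)
    t.approve(0x2, 0x1, 1)
    try:
        t.transfer_from(0x1, 0x2, 0x2, 1)
        reverted = False
    except Revert:
        reverted = True
    return reverted, t.balances.get(0x2, 0), t.allowed[(0x2, 0x1)]


if __name__ == "__main__":
    for v in ("reported", "swapped", "guarded"):
        print(v, replay_trace(v))
```

In the "reported" variant the call succeeds and consumes the allowance although 0x2 holds no tokens; with either fix it reverts and the allowance stays at 1.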