Slex.io’s Post

#SpotTheBug nr. 6 The code below is taken from Ethernaut's CTF. Here is the context of the challenge "NaughtCoin is an ERC20 token and you're already holding all of them. The catch is that you'll only be able to transfer them after a 10 year lockup period. Can you figure out how to get them out to another address so that you can transfer them freely? Complete this level by getting your token balance to 0." Do you see the issue? 🙂 #solidity #smartcontracts #smartcontractsecurity #web3

Aayush Giri and Juan Obligado caught this one. You can find their answers in the comments of the original post. The TL;DR is that the contract below doesn't prevent the `player` from approving a 2nd wallet to spend the tokens on their behalf. By approving a 2nd wallet, they can call the `transferFrom` function and bypass the lockup period.

Exciting developments in the Ethereum ecosystem.EigenLayer (EIGEN) is revolutionizing decentralized security with its innovative restaking protocol. By enhancing security and rewards for ETH stakers and LSD holders, EigenLayer is poised to transform the future of DeFi. Join the conversation and let's explore the possibilities. #EigenLayer #EIGEN #DeFi.

This is a classic example of incomplete access control. The issue is that while the contract implements a 𝘭𝘰𝘤𝘬𝘛𝘰𝘬𝘦𝘯𝘴 modifier on the transfer function to prevent token transfers for 10 years, it fails to protect against other ERC20 transfer methods. The key vulnerability is that the contract doesn't override the approve and 𝘵𝘳𝘢𝘯𝘴𝘧𝘦𝘳𝘍𝘳𝘰𝘮() functions from the ERC20 standard! While direct 𝘵𝘳𝘢𝘯𝘴𝘧𝘦𝘳() is locked for 10 years, an attacker can simply: 1️⃣ Call 𝘢𝘱𝘱𝘳𝘰𝘷𝘦() to authorise another address to spend their tokens. 2️⃣ Use that second address to call 𝘵𝘳𝘢𝘯𝘴𝘧𝘦𝘳𝘍𝘳𝘰𝘮() to move the tokens Here's how to exploit it: // 𝘈𝘴𝘴𝘶𝘮𝘪𝘯𝘨 𝘺𝘰𝘶'𝘳𝘦 𝘵𝘩𝘦 𝘱𝘭𝘢𝘺𝘦𝘳 𝘩𝘰𝘭𝘥𝘪𝘯𝘨 𝘢𝘭𝘭 𝘵𝘰𝘬𝘦𝘯𝘴 // 1. 𝘈𝘱𝘱𝘳𝘰𝘷𝘦 𝘢𝘯𝘰𝘵𝘩𝘦𝘳 𝘢𝘥𝘥𝘳𝘦𝘴𝘴 𝘵𝘰 𝘴𝘱𝘦𝘯𝘥 𝘺𝘰𝘶𝘳 𝘵𝘰𝘬𝘦𝘯𝘴 𝘯𝘢𝘶𝘨𝘩𝘵𝘊𝘰𝘪𝘯.𝘢𝘱𝘱𝘳𝘰𝘷𝘦(𝘢𝘵𝘵𝘢𝘤𝘬𝘦𝘳𝘈𝘥𝘥𝘳𝘦𝘴𝘴, 𝘯𝘢𝘶𝘨𝘩𝘵𝘊𝘰𝘪𝘯.𝘣𝘢𝘭𝘢𝘯𝘤𝘦𝘖𝘧(𝘱𝘭𝘢𝘺𝘦𝘳𝘈𝘥𝘥𝘳𝘦𝘴𝘴)); // 2. 𝘍𝘳𝘰𝘮 𝘵𝘩𝘦 𝘢𝘵𝘵𝘢𝘤𝘬𝘦𝘳 𝘢𝘥𝘥𝘳𝘦𝘴𝘴, 𝘤𝘢𝘭𝘭 𝘵𝘳𝘢𝘯𝘴𝘧𝘦𝘳𝘍𝘳𝘰𝘮 // 𝘛𝘩𝘪𝘴 𝘣𝘺𝘱𝘢𝘴𝘴𝘦𝘴 𝘵𝘩𝘦 𝘭𝘰𝘤𝘬𝘛𝘰𝘬𝘦𝘯𝘴 𝘮𝘰𝘥𝘪𝘧𝘪𝘦𝘳 𝘴𝘪𝘯𝘤𝘦 𝘪𝘵'𝘴 𝘯𝘰𝘵 𝘪𝘮𝘱𝘭𝘦𝘮𝘦𝘯𝘵𝘦𝘥 𝘰𝘯 𝘵𝘳𝘢𝘯𝘴𝘧𝘦𝘳𝘍𝘳𝘰𝘮 𝘯𝘢𝘶𝘨𝘩𝘵𝘊𝘰𝘪𝘯.𝘵𝘳𝘢𝘯𝘴𝘧𝘦𝘳𝘍𝘳𝘰𝘮(𝘱𝘭𝘢𝘺𝘦𝘳𝘈𝘥𝘥𝘳𝘦𝘴𝘴, 𝘢𝘵𝘵𝘢𝘤𝘬𝘦𝘳𝘈𝘥𝘥𝘳𝘦𝘴𝘴, 𝘯𝘢𝘶𝘨𝘩𝘵𝘊𝘰𝘪𝘯.𝘣𝘢𝘭𝘢𝘯𝘤𝘦𝘖𝘧(𝘱𝘭𝘢𝘺𝘦𝘳𝘈𝘥𝘥𝘳𝘦𝘴𝘴)); The lesson here is: 1️⃣ When implementing access controls, you need to protect ALL possible paths When inheriting from a contract (especially ERC20), you need to be aware of all the functionality it provides. 2️⃣ Simply protecting 𝘵𝘳𝘢𝘯𝘴𝘧𝘦𝘳() isn't enough if 𝘵𝘳𝘢𝘯𝘴𝘧𝘦𝘳𝘍𝘳𝘰𝘮() remains unrestricted. This is why it's often recommended to use OpenZeppelin's 𝘌𝘙𝘊20𝘗𝘢𝘶𝘴𝘢𝘣𝘭𝘦 or similar patterns that properly handle all transfer methods when implementing transfer restrictions.

Mind Labs has built a tool to separate restaked asset value from governance power. We call this MindV. If you’re staking Ethereum or Bitcoin through LRT and LST protocols, you’re earning extra yield and that’s nice. But there is also incredible governing power inherent in your assets that is not being put to use. This innovation represents the next phase of capital efficiency in DeFi; point the governing power of your staked assets to networks with demand for governance. In two days I will be discussing this innovation with Mike Silagadze of ether.fi and Amir from Puffer Labs. Mark your calendars: https://lnkd.in/eZQBr2mR

🧠 Trivia Time with Limitlex!  Do you know when Ethereum originally launched? Test your knowledge about one of the most significant #cryptocurrencies in history!  Share your answers in the comments below! 💡

This week, our highlighted keyword for State of the Network #256 is: Layer-1 Blockchains. In case you missed it, you can find our latest edition and learn more about Layer-1 Blockchains here >> https://lnkd.in/gvAfPxnn #FutureofFinance #PutTruthtoWork

Ethereum (ETH) core developer Tim Beiko outlined upcoming upgrades, including verification of network code and addition of new features, with the Spectra upgrade scheduled for the first quarter of 2025. The Spectra upgrade will involve several forks, with EIP-7702, proposed by ETH founder Vitalik Buterin, being a key component. EIP-7702 aims to enhance usability and security by allowing conversion of individual wallets (EOA) into smart contract wallets and enabling single-signature transactions. 💻🔄 #Bitcoinworld 🪙

Ether.Fi is a liquid restaking protocol on Ethereum. It offers a unique system that permits users to stake their assets while maintaining ownership of their keys by delegating the staking process. When assets are deposited into Ether.Fi, they are automatically re-staked through Eigenlayer. This process leverages staked ETH to bolster external platforms (such as rollups and oracles) with an economic security layer, thereby enhancing returns for ETH stakers. #ETHFI