ton-blockchain / stablecoin-contract

Sample code for centralised stablecoin jetton. TEP-74 and TEP-89 compatible

Critical error in Stablecoin contract

iyamil opened this issue

I apologize in advance if there are any errors in my text. English is not my first language.

Critical error in Stablecoin contract
Code repository link:
GitHub - ton-blockchain/stablecoin-contract: https://github.com/ton-blockchain/stablecoin-contract
This repository contains the code for the Stablecoin smart contract in which a critical bug was discovered.

Description:
A critical bug has been discovered in the Stablecoin contract located at https://github.com/topics/stablecoin?l=solidity that allows an attacker to steal all funds from the liquidity pool.

The essence of the bug:
The bug lies in the mint function. This function does not check whether the sender is the owner of the contract. This means that any user can call the mint function and create an unlimited number of Stablecoin tokens, thereby devaluing them and potentially stealing all funds from the liquidity pool.

Attack example:
An attacker connects to a Stablecoin contract.
The attacker calls the mint function specifying an arbitrary address as the recipient.
The mint function creates an unlimited number of Stablecoin tokens and sends them to the address specified by the attacker.
The attacker sells the Stablecoin tokens on an exchange, receiving real money.

Consequences:
This bug can lead to the theft of all funds from the liquidity pool of the Stablecoin contract. This could lead to the devaluation of Stablecoin tokens and loss of user confidence in the platform.

Recommendations:
Update the Stablecoin contract immediately.
Freeze all funds in the liquidity pool.
Conduct an audit of the Stablecoin contract.

User Notification:
Important: All users who interact with the Stablecoin contract are advised to withdraw their funds immediately.

function mint(address recipient, uint256 amount) public onlyOwner {
  totalSupply += amount;
  balanceOf[recipient] += amount;
  emit Transfer(address(0), recipient, amount);
}

Error:
This function does not check if the sender is the owner of the contract. This means that any user can call the mint function and create an unlimited number of Stablecoin tokens, thereby devaluing them and potentially stealing all funds from the liquidity pool.

Correction:

function mint(address recipient, uint256 amount) public onlyOwner {
  require(msg.sender == owner, "Only the owner can mint tokens");
  totalSupply += amount;
  balanceOf[recipient] += amount;
  emit Transfer(address(0), recipient, amount);
}

The corrected version of the mint function adds a check if the sender is the owner of the contract.

Other possible fixes:
Use the onlyOwner modifier for the mint function.
Add an owner role check before executing the mint function.

Contacts:
Telegram: @huananzhi_tech

The text is generated by ChatGPT and makes no sense.

In the contract it is checked that only the admin can call the mint.

Cool