Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add bad-transferfrom-access-control rule #67

Merged
merged 3 commits into from
Aug 29, 2024
Merged

add bad-transferfrom-access-control rule #67

merged 3 commits into from
Aug 29, 2024

Conversation

morsiiik
Copy link
Contributor

No description provided.

@Raz0r
Copy link
Collaborator

Raz0r commented Aug 15, 2024

Please check the following false positives:

  1. When a token overrides transferFrom and calls super: super.transferFrom(_from, _to, _value) https://arbiscan.io/address/0x00207cdc7b29c9ed857dace7311c713a054185dd

  2. Second argument to is not controlled: transferFrom(_fundingAccount, address(this), _amount) https://arbiscan.io/address/0x005906f3bC2d756CdF9e49930BCa4bfB76a80246#code

  3. There is some access control validation, e.g. onlyOwner, you can try to use pattern-sanitizers, example (https://arbiscan.io/address/0x01e9B35785eF3f7Ef2677c371442976bd550f320):

 function pluginTransfer(address _token, address _account, address _receiver, uint256 _amount) external override {
        _validatePlugin(_account);
        IERC20(_token).safeTransferFrom(_account, _receiver, _amount);
 }

@Raz0r Raz0r added this pull request to the merge queue Aug 29, 2024
Merged via the queue into master with commit ffb49be Aug 29, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Raz0r Raz0r Raz0r approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@morsiiik @Raz0r