The attack may have resulted from theft of the address's private key, or from some other cause that let the attacker call the function directly and mint tokens arbitrarily. It once again sounds the alarm over excessive privileges.
Original Title: “Coin Suspicious Clouds——Analysis of the Details of Paid Network Stolen”
Written by: SlowMist Security Team
According to reports, the Ethereum DApp project Paid Network was attacked. The attacker minted nearly 160 million U.S. dollars' worth of PAID tokens through contract vulnerabilities and made a profit of 2,000 ETH (about 3 million U.S. dollars). The SlowMist security team followed up and analyzed the incident immediately; the details are laid out below for your reference.
Attack details analysis
The above shows the call flow of the entire attack process.
As can be seen, the entire attack is very simple: the attacker completes it by calling the function with the signature 0x40c10f19 in the proxy contract. Since this signature is not resolved to a name, we need to look up which function it corresponds to.
Looking up the signature shows that it corresponds to the mint function. In other words, the attacker finished the attack simply by calling mint directly. At this point it seems we can conclude that the vulnerability is a mint function without authentication, which allows arbitrary minting. The token transfers shown on Etherscan also appear to support this conjecture.
But is this really the case?
To verify the unauthorized-minting hypothesis, we need to analyze the contract's actual logic. Since Paid Network uses an upgradeable contract model, we need to analyze the logic contract (0xb8…9c7). But when we checked on Etherscan, we found that the logic contract was not open source.
To get to the bottom of it, the only option is to decompile the contract and recover its logic. Etherscan's built-in decompilation tool can directly decompile contracts that are not open source. After decompilation, we discovered a surprising fact:
The decompiled code makes it clear that the contract's mint function is authenticated, and that the authorized address is the attacker's address (0x187…65be). So why was a function with authentication abused? Since the contract is not open source, more specific logic cannot be viewed, and the analysis can only be based on what is available. Our assessment is that the private key of the address (0x187…65be) may have been stolen, or that some other cause let the attacker call the mint function directly and mint tokens arbitrarily.
Summary
Although the attack process was simple, detailed analysis led to a surprising finding. The attack also once again sounds the alarm over excessive privileges: if the address authorized to call mint had been a multi-signature address, or if permissions had been distributed in some other way, this attack would not have occurred.
Reference link:
Attack transaction:
https://etherscan.io/tx/0x4bb10927ea7afc2336033574b74ebd6f73ef35ac0db1bb96229627c9d77555a0