SlowMist Analysis of Crypto Address Spoofing Attacks Examines Web3 Platform’s Security Vulnerabilities in Smart Contracts

On December 5, 2023, thirdweb, a Web3 foundational development platform, reported security vulnerabilities in its pre-built smart contracts.

As noted in a blog post by SlowMist, this issue affects all tokens “deployed using these pre-built smart contracts, including ERC20, ERC721, and ERC1155 tokens.”

Based on the research from the SlowMist security team, on December 7, 2023, the Time token on the Ethereum mainnet was “attacked due to this vulnerability, resulting in the attacker stealing approximately $190,000.”

Currently, many vulnerable token contracts are “still under attack.”

As mentioned in the update from SlowMist, they immediately “investigated this incident and these are their findings.”

As explained in a blog post, ERC-2771 is a standard “for meta-transactions. It allows users to delegate the execution of transactions to a third party, known as a Forwarder, commonly referred to as a relay or forwarder.”

In typical contract interactions, the address of the direct caller “is obtained using `msg.sender`. However, in the case of ERC-2771 implementation, if `msg.sender` is a forwarder role, the contract will truncate the incoming `calldata` and extract the last 20 bytes to use as the direct caller’s address for the transaction.”

The update from SlowMist further noted that Multicall is “a smart contract library designed to allow the batch execution of multiple function calls, thereby reducing transaction costs.”

This library is commonly used to “optimize the performance and user experience of DApps, especially when multiple read operations are required.”

From the code analysis, it can be “observed that the vulnerable contracts in the thirdweb project utilize the Multicall library by executing other functions in the contracts that reference this library through a loop of `DelegateCall` function calls.”

This approach is a key factor in “how the contracts interact with and process batched function calls.”

The root cause of the vulnerability “lies in the token contracts’ simultaneous use of ERC-2771 and the Multicall library.”

The SlowMist team pointed out that the attacker “exploits this by calling the `execute` function of the Forwarder contract to invoke the `multicall` function of the token contract, thereby executing other functions within the contract (such as burning tokens). This method successfully passes the `isTrustedForwarder` check of ERC-2771, ultimately interpreting the function caller as the last 20 bytes of the malicious `calldata`. As a result, the attacker deceives the contract into mistakenly recognizing the caller as another user’s address, leading to the burning of tokens belonging to other users.”

The fundamental cause of this attack “lies in the contract’s simultaneous use of Multicall and ERC2771Context. Attackers can insert malicious `calldata` into forwarding requests, exploiting the `delegatecall` functionality of Multicall to pass through trusted forwarder checks, and manipulate the interpretation of `_msgSender()` in sub-calls. This enables them to control tokens belonging to any user.”

The SlowMist security team advises developers “not to use Multicall and ERC2771Context together when programming token contracts.”

If there is a need to reference both, it is “crucial to check whether the `calldata` length meets the expectations or to use the latest official versions of Multicall and ERC2771Context contracts from OpenZeppelin.”


Register Now
Sponsored Links by DQ Promote

 

 

Send this to a friend