Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $75,000 USDC
Total HM: 6
Participants: 55
Period: 7 days
Judge: Albert Chon
Total Solo HM: 2
Id: 116
League: COSMOS
Rank: 31/55
Findings: 1
Award: $188.29
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, GermanKuber, GimelSec, Hawkeye, JC, MaratCerby, WatchPug, Waze, broccolirob, cccz, ch13fd357r0y3r, cryptphi, danb, defsec, delfin454000, dipp, dirk_y, ellahi, gzeon, hake, hubble, ilan, jah, jayjonah8, kebabsec, kirk-baird, m9800, orion, oyc_109, robee, shenwilly, simon135, sorrynotsorry
188.2942 USDC - $188.29
An attacker can create a fake Cosmos ERC20 token, because deployERC20() in Gravity.sol has no access control: anyone can call it to deploy a CosmosERC20 and emit the ERC20DeployedEvent that the Cosmos module consumes. If Gravity.sol is on-chain before the real Cosmos ERC20 token is deployed, the impact is worse, since the fake token can be deployed and announced first.

The snippet below is vulnerable:
```solidity
// No access control: any externally owned account or contract can call this.
function deployERC20(
    string memory _cosmosDenom,
    string memory _name,
    string memory _symbol,
    uint8 _decimals
) public {
    // Deploy an ERC20 with entire supply granted to Gravity.sol
    CosmosERC20 erc20 = new CosmosERC20(address(this), _name, _symbol, _decimals);

    // Fire an event to let the Cosmos module know
    state_lastEventNonce = state_lastEventNonce.add(1);
    emit ERC20DeployedEvent(
        _cosmosDenom,
        address(erc20),
        _name,
        _symbol,
        _decimals,
        state_lastEventNonce
    );
}
```
Recommended mitigation: add an access-control check to deployERC20() so that only an authorised deployer role can call it.
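The following is an added example of the mitigation the finding recommends; it is not Gravity Bridge code and does not reflect the project's position (the judge's comment below records that the open function is by design). It gates deployERC20() behind an OpenZeppelin AccessControl role. Assumptions: OpenZeppelin Contracts is installed at the standard import path, the CosmosERC20 stand-in below only matches the constructor call shown in the finding (the supply it mints is a guess), and the contract name GravityERC20Deployer and the role name ERC20_DEPLOYER_ROLE are invented for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Gravity Bridge code): the warden's recommended mitigation,
// using OpenZeppelin AccessControl to restrict deployERC20() to a role.
// Assumed: OpenZeppelin Contracts installed; CosmosERC20 is a constructed
// stand-in whose constructor matches the call in the finding.
import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Constructed stand-in for CosmosERC20: the entire supply is minted to the
// bridge, as the comment in the original snippet states. The supply size
// (max uint256) is an assumption, not taken from the page.
contract CosmosERC20 is ERC20 {
    uint8 private immutable _decimals;

    constructor(address gravity, string memory name_, string memory symbol_, uint8 decimals_)
        ERC20(name_, symbol_)
    {
        _decimals = decimals_;
        _mint(gravity, type(uint256).max);
    }

    function decimals() public view override returns (uint8) {
        return _decimals;
    }
}

// Minimal bridge fragment showing only the gated deployer. The real
// Gravity.sol carries much more state; only what the finding touches is here.
contract GravityERC20Deployer is AccessControl {
    bytes32 public constant ERC20_DEPLOYER_ROLE = keccak256("ERC20_DEPLOYER_ROLE");

    uint256 public state_lastEventNonce;

    event ERC20DeployedEvent(
        string _cosmosDenom,
        address _tokenContract,
        string _name,
        string _symbol,
        uint8 _decimals,
        uint256 _eventNonce
    );

    constructor(address admin, address initialDeployer) {
        // The admin can grant or revoke the deployer role later via AccessControl.
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(ERC20_DEPLOYER_ROLE, initialDeployer);
    }

    // onlyRole reverts for any caller that does not hold ERC20_DEPLOYER_ROLE,
    // which closes the "anyone can deploy and announce a token" path.
    function deployERC20(
        string memory _cosmosDenom,
        string memory _name,
        string memory _symbol,
        uint8 _decimals
    ) public onlyRole(ERC20_DEPLOYER_ROLE) {
        // Deploy an ERC20 with the entire supply granted to this contract.
        CosmosERC20 erc20 = new CosmosERC20(address(this), _name, _symbol, _decimals);

        // Solidity >=0.8 has checked arithmetic, so SafeMath's .add(1) is not needed.
        state_lastEventNonce = state_lastEventNonce + 1;
        emit ERC20DeployedEvent(
            _cosmosDenom,
            address(erc20),
            _name,
            _symbol,
            _decimals,
            state_lastEventNonce
        );
    }
}
```

The trade-off is explicit: gating the function means token deployment is no longer permissionless and depends on whoever holds ERC20_DEPLOYER_ROLE, which is the design choice the judge's comment pushes back on. Whether that is acceptable depends on how the Cosmos side treats ERC20DeployedEvent, which this page does not describe.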
#0 - V-Staykov
2022-05-11T12:24:18Z
Duplicate of #24
#1 - albertchon
2022-05-18T22:20:21Z
Not a bug, this is by design
#2 - JeeberC4
2022-05-19T18:30:29Z
Creating QA Report for warden as judge downgraded issue. Preserving original title: Anyone Can deploy the Cosmos ERC20 Contract.