A vulnerability which gets exploited everyfew months and results in millions of $ stolen.
This vulnerability was yesterday activelyexploited in the @SenecaUSD
Protocol, highlighting the persistentthreat it poses to smart contract security. However, unfortunately it happensevery few months.
We can do better and here’s a writeup thatwill help you finding such an issue in future
At its core, malicious approval consumptioninvolves an attacker exploiting existing approvals granted to a contract. Byinvoking the transferFrom function on behalf of the contract, the attacker canillicitly transfer assets from victims. This mechanism is surprisingly simpleyet highly effective, making it a favored approach among malicious actors.
Three primary scenarios illustrate howattackers execute this exploit:
This scenario allows an attacker to exploitan unguarded function to make arbitrary calls. For example, if a contract,inadvertently allows unrestricted calls, an attacker could callUSDC.transferFrom or USDC.transfer (if the contract holds funds) to siphonassets. This lack of safeguards often stems from oversight and is a frequentcause of security breaches. This is what happened yesterday to @SenecaUSD.
In some cases, even functions with somelevel of protection can be exploited. A notable example is the exploit thathappened to the
@SushiSwap router, months ago, uncoveredby @trust__90, where the absence ofspecific checks (like pair validation) allowed attackers to misuse thetransferFrom function with arbitrary addresses.
These exploits are more sophisticated andrequire a deeper understanding of the contract's logic to execute.
Delegatecall, if improperly guarded, canopen up contracts to severe vulnerabilities. This was the case in a liveprotocol I audited 1-2 months ago, where an unguarded delegatecall allowed anattacker to execute any functionality, exploiting existing approvals.
The @0xPaladinSec team successfullymitigated this issue within minutes and assisted the client in redeployingtheir router with the corresponding fix. Special thanks to @paladin_marco foracting promptly.
Such vulnerabilities are particularlydangerous as they grant attackers wide-ranging control over the contract'sexecution.
Regardless of the specific root-cause,attackers will always follow the same pattern:
To identify contracts with existingapprovals and drain the victims' assets.
This tactic underscores the importance ofrigorous and repetitive audits, even the smallest update must be checked bymultiple auditors. Especially now with the bull market knocking on the door.
For developers and auditors, understandingand identifying these vulnerabilities is crucial. When auditing contracts,especially those involving routers or approval mechanisms, here are some keyconsiderations:
Guard Against Arbitrary Calls: Ensure thatfunctions cannot be exploited to make unintended calls. Use explicit permissionchecks and validate inputs rigorously.
Validate Pairings and Addresses: Implementchecks to strictly validate input parameters, specifically for such routersthat are implementing callback logic.
Secure Delegatecall Use: Be cautious withdelegatecall, ensuring it's used in a controlled manner, with explicitsafeguards against unauthorized execution. Try to avoid delegatecalls ifpossible.
Conclusion Malicious approval consumptionremains a potent threat to smart contract security, as evidenced by its recentexploitation in the @SenecaUSD Protocol. By understanding the nuances of thisexploit and implementing robust security measures, developers can fortify theircontracts against such vulnerabilities. Vigilance, thorough auditing, and adeep understanding of smart contract mechanics are essential in the ongoingbattle against malicious actors.
