Security Vulnerability discovered — DigixDAO
Date of Report: 27th July 2017
Date of Discovery: 23rd July 2017
Impact: Low
Number of DGDs affected: 4162.2647
Number of addresses affected: 35
Post Impact: None
Signed PDF File of Report: https://drive.google.com/open?id=0B9TgodPfXwdcQVMxUEZvbXFncGs
On 20th July, we received a support ticket from “Barry Whitehat” reporting a security vulnerability, but with no reply address. On 23rd July, we received an email at our support address from Gustav Simonsson, who said that he had also discovered a security vulnerability. As we knew who he was, we contacted him by e-mail and phone to confirm his identity. Once he had confirmed it, Digix immediately began verifying the issue he had reported.
A bug in the DigixDAO Crowdsale Contract allowed an attacker to receive unclaimed DGD tokens.
In order for DGD participants to claim their DGD tokens, they were instructed to call the claim() function below.
claim() calls the claimFor() function, passing msg.sender as the recipient. claimFor() in turn calls the DGD Token contract’s mint() function to create the tokens on the DGD ERC20 token contract. On this line the DGD badges were correctly sent to the intended recipient (the address held in the _user variable), but the DGD tokens were minted to msg.sender instead, allowing an attacker to receive unclaimed DGD tokens from the crowdsale.
The bug in question is in line 163 of our crowdsale contract.
What we did to figure out the impact of the exploit:
- Download the full chain with state pruning turned off, giving us a comprehensive view of all transactions that have taken place on our DGD Crowdsale Contract.
- Look through the list of claimed / unclaimed DGDs.
- Identify who used the claimFor() function.
- If the claimee's address ≠ the originator of the claimFor() call: add that claimee's DGDs to the running total of DGDs lost.
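The following Python model is an added illustration, not the DigixDAO crowdsale contract (which is Solidity) or Digix's own analysis tooling. It reproduces the recipient mix-up described above in the claim()/claimFor() flow, with badges minted to the intended user and tokens minted to msg.sender, beside the corrected behaviour, and then applies the audit rule from the steps just listed: a claimFor() call whose claimee differs from its originator counts its DGDs as lost. All names, amounts and call records are constructed for the example.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class ClaimForCall:
    """One claimFor() transaction as it would be recovered from an unpruned node (constructed)."""
    originator: str   # msg.sender of the transaction
    claimee: str      # the _user argument: the participant whose allocation is claimed
    dgd: Decimal      # DGDs the crowdsale still owed to `claimee`


class CrowdsaleClaimModel:
    """Toy model of the claim flow (hypothetical, not the real contract): badges and
    tokens are minted separately, so a wrong recipient on one mint leaves the other correct."""

    def __init__(self, allocations, vulnerable):
        # claimee -> (unclaimed DGDs, unclaimed badges)
        self.unclaimed = dict(allocations)
        self.vulnerable = vulnerable
        self.token_balance = {}
        self.badge_balance = {}

    def claim(self, sender):
        # Reduced-ABI path: the caller claims for itself, so sender == user.
        return self.claim_for(sender, sender)

    def claim_for(self, sender, user):
        dgd, badges = self.unclaimed.pop(user, (Decimal(0), 0))
        # Badges go to `user` in both versions (this part was correct).
        self.badge_balance[user] = self.badge_balance.get(user, 0) + badges
        # The defect: tokens minted to msg.sender instead of `user`.
        token_recipient = sender if self.vulnerable else user
        self.token_balance[token_recipient] = (
            self.token_balance.get(token_recipient, Decimal(0)) + dgd
        )
        return token_recipient


def lost_dgds(calls):
    """Audit rule from the report: claimee != originator => that claimee's DGDs are lost."""
    total = Decimal(0)
    affected = set()
    for c in calls:
        if c.claimee != c.originator:
            total += c.dgd
            affected.add(c.claimee)
    return total, len(affected)


# Constructed sample: two honest self-claims and two claims made for someone else.
SAMPLE_CALLS = [
    ClaimForCall("alice", "alice", Decimal("100")),
    ClaimForCall("mallory", "bob", Decimal("12.5")),
    ClaimForCall("mallory", "carol", Decimal("7.25")),
    ClaimForCall("dave", "dave", Decimal("3")),
]


def replay(calls, vulnerable):
    """Replay the calls through the model; map each claimee to who received the tokens."""
    allocations = {c.claimee: (c.dgd, 1) for c in calls}
    model = CrowdsaleClaimModel(allocations, vulnerable)
    return {c.claimee: model.claim_for(c.originator, c.claimee) for c in calls}


if __name__ == "__main__":
    print("vulnerable token recipients:", replay(SAMPLE_CALLS, vulnerable=True))
    print("fixed token recipients:     ", replay(SAMPLE_CALLS, vulnerable=False))
    print("lost DGDs, affected addresses:", lost_dgds(SAMPLE_CALLS))
```

Running it shows bob's and carol's tokens landing with mallory under the vulnerable rule and with bob and carol under the fixed one, while the badge balances are identical in both runs; the audit then reports 19.75 DGDs lost across 2 addresses, which is exactly the claimee-versus-originator comparison the report describes.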
DGDs secured by Whitehat (Gustav Simonsson)
Intended Recipients of Unclaimed DGDs | DGDs
Why only ~4200 DGDs were affected:
- We only published a reduced version of the ABI to our users during the claim period to avoid confusion. The claimFor() function was not generally available to the regular user community.
- The first sign of the exploit was on block number 4,052,390. We believe our ETC redemption contract at block 3,800,000 attracted additional scrutiny on our crowdsale contract.
Impact of Exploit
- No Ethers are at risk. The vulnerable code path does not have any Ether related functions.
- 4162.2647 DGDs were affected. No more DGDs will be affected.
- No DGD proposer badges were affected
- Post impact: none. The bug is no longer exploitable.
Reimbursement for claimees
Digix will reimburse any claimees who can sign a 0 ETH transaction from the original recipient address to the address 0xd3C826507E425d38937b6868DF60D90Dbd8C7B68.