Nice writeup! I think it’s worth noting that batchTransfer isn’t a standard ERC20 function, so only the contract owners who chose to implement it could be affected. Couple of questions:
- batchTransfer isn’t a standard implementation; did the other contracts you found share the same implementation, or were they slightly different but vulnerable to the same exploit?
- If they were the same, do you have any idea of the origin of the function? I tried to find any reference to a batchTransfer implementation in zeppelin-solidity but there is none, as an example.
I’ve got a feeling that this could be something like an outsourced company who’s creating tokens for new companies with a vulnerable template.