A disastrous vulnerability found in smart contracts of BeautyChain (BEC)

The team of BeautyChain announced yesterday that BEC tokens experienced abnormal fluctuations on 22 April. The team got noticed when attackers were dumping huge amount of BECs in an exchange. The attackers had successfully got 10^58 BECs exploiting a vulnerability caused by integer overflowing. Here we can see the contract code. The buggy contract is an extension of a standard EIP20 token contract. The disastrous bug is very easy to nail down in the function of batchTransfer().

batchTransfer function

This function batchTransfer(..) allows users to invoke multiple transfers to different recipients in one step. The first argument is a dynamic array of address, and the other is the amount of tokens sent to each. Two "require" checkers try to ensure the balance of the sender be valid. It is obvious that the following line is susceptible to integer overflow.

In the attacking happened, the hacker invoked the function with an array of length 2, and _value=0x8000000000000000000000000000000000000000000000000000000000000000, According to ABI-Eth, the first uint256 denotes the address of the dynamic array, which actually starts from 3rd uint256 with the length of the array, 2. Then two addresses follows. Thus the value of amount becomes zero, which is obviously less than any balance. Yes, it goes through the checkers. In the loop, each of two receivers will get 0x8000000000000000000000000000000000000000000000000000000000000000 value of BEC. Theoretically, the bug allows users to withdraw unlimited BEC.

Input Data
Use REAL SafeMath to handle overflow

The attacking transactions can be found here.

Transactions
Accounts

The tokens stolen would have been caused disasters, the price of BEC at that time was around $0.3 each. Fortunately, the hacker hadn’t sold much before the dev-team paused the contract. The market reacted by price-plunging.

price-plunging

Today, BEC dev-team announced that they will relaunch the patched contract.

We (BeautyChain, quoted) will release new smart contracts as soon as possible. In order to safeguard the interests of everyone, we have reached an agreement with the OKEx Exchange. The trade fair will roll back to 13:18 on April 22, after this time all transactions generated in the Beauty Chain will be Cancellation …

However, this isn’t the end of the whole story. We scanned all of the deployed smart contract on Ethereum by checking the function signature 0x83f12fec and found out that there are 12 more contracts that are identical to the buggy contract from BEC. Some of those are from different dev teams. We signaled them by dropping emails already. But it is weird. Presumably, all of the code might be from the same author, who unintentionally (or intentionally?) leaved only this important line of code unprotected by SafeMath. At least, the author knows of integer overflow issues.

Smart contract related vulnerabilities are unsurprisingly going to grow if Dapps get more developers and users. Despite the fact that the size of smart contracts are small, the intrinsic complexity is brought from both the language and the blockchain system. The smart contracts are needed to be audited, or even formally verified. In the case, integer-overflow is the origin of the issue, while the result is that the total supply of tokens is able to be increased unlimitedly.


SECBIT was founded by a group of cryptocurrency-enthusiasts. We are doing research on smart contract security, smart contract formal verification, crypto-protocols, compilation, contract analysis, game theory and crypto-economics.