HACK ANALYSIS

Local Traders Hack Analysis — Missing Access Control


Overview

On May 23, 2023, the P2P exchange Local Traders was exploited on the BNB chain through a missing access control vulnerability, leading to a loss of approximately 379.32 BNB.

Smart Contract Hack Overview:

Attacker's address: 0xd771df

Vulnerable contract: 0x312dc3

Attacker transaction: 0x49a303

Fig: Attacker's transaction

Decoding the Smart Contract Vulnerability:

  • The root cause was the absence of a permission check in the function with selector 0xb5863c10.
  • Because this function could be called by anyone, any caller could change the contract's owner.
  • The attacker exploited this by setting himself as the owner.
  • As the new owner, the attacker then called the function with selector 0x925d400c and set the price of the $LCT token to 1.
  • Finally, the attacker bought LCT tokens at this reduced price and later sold them, netting roughly 379.32 BNB, equivalent to approximately $119,040.

Fig: 0x925d400c function used to manipulate the $LCT price

Mitigation and Best Practices:

  • Introduce an access control mechanism that restricts sensitive operations (such as changing the owner or the token price) to authorized addresses or roles within the project, so that only trusted entities can initiate them.
  • Apply function modifiers that validate the caller's permissions before any critical operation executes. Using OpenZeppelin's Ownable library ensures the "onlyOwner" modifier is applied consistently rather than re-implemented by hand.
  • Validate your code with comprehensive test cases that cover all business logic, including negative tests in which an unauthorized address calls each privileged function.
  • To prevent vulnerabilities like this one, have experienced smart contract auditors review the contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
  • Scan your Solidity contracts for the latest common security vulnerabilities with 130+ detections at SolidityScan, which include detections for Access Control vulnerabilities.
SolidityScan — Smart Contract Vulnerability Scanner
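The following is an added illustration, not the Local Traders code: the first contract reproduces the flaw pattern described above (an ownership setter with no permission check that lets anyone become owner and then reprice the token), and the second shows the hardened form using OpenZeppelin's Ownable2Step and onlyOwner. Contract and function names, the OpenZeppelin v5 constructor signature, and the price sanity checks are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/Ownable2Step.sol";

// Vulnerable pattern (illustrative only): setOwner has no permission check,
// so anyone can take ownership and then pass the check inside setPrice.
contract TokenSaleVulnerable {
    address public owner;
    uint256 public price; // assumed unit: BNB wei per token

    constructor(uint256 initialPrice) {
        owner = msg.sender;
        price = initialPrice;
    }

    function setOwner(address newOwner) external {
        owner = newOwner; // BUG: missing "require(msg.sender == owner)"
    }

    function setPrice(uint256 newPrice) external {
        require(msg.sender == owner, "not owner"); // guard relies on a forgeable owner
        price = newPrice;
    }
}

// Hardened form: ownership transfer is two-step and restricted by onlyOwner,
// the price setter is restricted by onlyOwner, and every change emits an event
// so monitoring can flag unexpected ownership or price updates.
contract TokenSaleHardened is Ownable2Step {
    uint256 public price;

    event PriceUpdated(address indexed by, uint256 oldPrice, uint256 newPrice);

    constructor(uint256 initialPrice) Ownable(msg.sender) {
        require(initialPrice > 0, "price must be > 0");
        price = initialPrice;
    }

    // transferOwnership/acceptOwnership are inherited and already onlyOwner-gated.

    function setPrice(uint256 newPrice) external onlyOwner {
        require(newPrice > 0, "price must be > 0"); // basic sanity bound
        emit PriceUpdated(msg.sender, price, newPrice);
        price = newPrice;
    }
}
```

A unit test that calls setOwner and setPrice from a non-owner address should revert on the hardened contract; the vulnerable one accepts both calls.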

Conclusion:

SolidityScan is an advanced smart-contract scanning tool that discovers vulnerabilities and reduces risk in code. Request a security audit with us and we will help you secure your smart contracts. Sign up for a free trial at https://solidityscan.com/signup

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord