SwapX hack analysis — Improper Access Control

By Shashank, published in SolidityScan on Mar 7, 2023

Overview:

On February 27, 2023, an attack on the BSC chain caused SwapX a loss of almost $1M. The root cause was poor access control on the “approval” function: it let attackers approve their own contract and force trades on the victim’s behalf.

Smart Contract Hack Overview:

Attacker’s Transaction

Decoding the Smart Contract Vulnerability:

  • First, the attacker swapped 0.06 BNB for its 1M DND counterpart. The DND tokens were then repeatedly swapped among BUSD, WBNB, and DND.
  • The implementation contract’s ‘0x4f1f05bc’ function had insufficient access control, which allowed the attacker to convert BUSD to DND on behalf of the victim. The victims were users who had previously authorized the implementation contract to exchange tokens on their behalf. The attacker repeated this many times, which drove up the price of DND tokens.
  • As a result, the hack cost SwapX users $1,000,000 in total, and the attacker self-destructed the attack contract as soon as the attack was over.

Mitigation and Best Practices:

  • The implementation contract’s susceptible function needs the appropriate modifiers and user input validation.
  • OpenZeppelin provides access control modules for building role-based access control. Using them is simple: for each role you wish to define, you create a new role identifier, which is then used to grant, revoke, and check whether an account holds that role.
  • Access control measures must be properly implemented in the contract so that sensitive functions are not exposed externally.
  • To prevent such vulnerabilities, experienced smart contract auditors must examine the smart contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
  • Scan your Solidity contracts against the latest common security vulnerabilities, including access control vulnerabilities, with 130+ detectors at SolidityScan.
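The following is an added illustration, not SwapX’s code (the post only identifies the vulnerable function by its selector ‘0x4f1f05bc’): a hypothetical swap-on-behalf function showing the flaw described above next to a hardened version that uses OpenZeppelin’s AccessControl. The `IRouter` interface, the `swapFor` function and `OPERATOR_ROLE` are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

// Hypothetical DEX router interface used by both versions (assumption).
interface IRouter {
    function swap(address tokenIn, address tokenOut, uint256 amountIn, address to) external;
}

// Vulnerable pattern: any caller can spend any user's outstanding allowance.
contract VulnerableSwapper {
    IRouter public immutable router;
    constructor(IRouter _router) { router = _router; }

    // Nothing checks that msg.sender is `user` or an authorised operator.
    // Anyone can name a victim who approved this contract earlier and force
    // a BUSD -> DND trade with the victim's funds, as in the SwapX incident.
    function swapFor(address user, address tokenIn, address tokenOut, uint256 amountIn) external {
        IERC20(tokenIn).transferFrom(user, address(this), amountIn);
        IERC20(tokenIn).approve(address(router), amountIn);
        router.swap(tokenIn, tokenOut, amountIn, user);
    }
}

// Hardened pattern: only the fund owner, or an account holding OPERATOR_ROLE
// (granted and revoked through OpenZeppelin AccessControl), may trigger a swap.
contract GuardedSwapper is AccessControl {
    bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE");
    IRouter public immutable router;

    constructor(IRouter _router) {
        router = _router;
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender); // admin can grant OPERATOR_ROLE
    }

    function swapFor(address user, address tokenIn, address tokenOut, uint256 amountIn) external {
        // Access control: caller must be the user or an approved operator.
        require(msg.sender == user || hasRole(OPERATOR_ROLE, msg.sender), "not authorised");
        // Input validation: reject empty trades and the zero address.
        require(amountIn > 0, "zero amount");
        require(tokenIn != address(0) && tokenOut != address(0), "zero token");
        require(IERC20(tokenIn).transferFrom(user, address(this), amountIn), "transfer failed");
        IERC20(tokenIn).approve(address(router), amountIn);
        router.swap(tokenIn, tokenOut, amountIn, user);
    }
}
```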

Conclusion:

SolidityScan is an advanced smart-contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup

