See how they make token scams and steal people's assets and funds at the right time.
In the transferFrom function, superOperator ability to bypass the check related to having enough allowances. As a result, this person can transfer funds of all users to any address without having enough allowances.
```
if (_msgSender() != from && !_superOperators[_msgSender()] && _msgSender() != _operator) {
uint256 currentAllowance = _allowances[from][_msgSender()];
if (currentAllowance != ~uint256(0)) {
require(currentAllowance >= amount, "NOT_AUTHORIZED_ALLOWANCE");
_allowances[from][_msgSender()] = currentAllowance - amount;
}
}
_transfer(from, to, amount);
```
Web3SafetyOfficer
npub1rs…tlh6g
2024-09-09 18:37:44
Author Public Key
npub1rs7qlyv0a5xh0m6733dqymu409s4k70n0us4l8hrkudw3ltcncus2tlh6gSeen on
wss://relay.damus.ioPublished at
2024-09-09 18:37:44Event JSON
{
"id": "e3f1a4d30090e4806988772a03ca7fb8fd0eb935992efc2d919f276a03149b3c",
"pubkey": "1c3c0f918fed0d77ef5e8c5a026f9579615b79f37f215f9ee3b71ae8fd789e39",
"created_at": 1725899864,
"kind": 1,
"tags": [],
"content": "See how they make token scams and steal people's assets and funds at the right time.\n\nIn the transferFrom function, superOperator ability to bypass the check related to having enough allowances. As a result, this person can transfer funds of all users to any address without having enough allowances.\n\n```\n if (_msgSender() != from \u0026\u0026 !_superOperators[_msgSender()] \u0026\u0026 _msgSender() != _operator) {\n uint256 currentAllowance = _allowances[from][_msgSender()];\n if (currentAllowance != ~uint256(0)) {\n require(currentAllowance \u003e= amount, \"NOT_AUTHORIZED_ALLOWANCE\");\n _allowances[from][_msgSender()] = currentAllowance - amount;\n }\n }\n _transfer(from, to, amount);\n```",
"sig": "53bf5ad913b5e046c66bca496b4bc7cb7614c7dc7062efa82ffac1f247c83b3f83489da155cac4bea6714623d17e633f328027b0fffc04d7832b992114488f61"
}