Web3SafetyOfficer on Nostr: See how they make token scams and steal people's assets and funds at the right time. ...
See how they make token scams and steal people's assets and funds at the right time.
In the transferFrom function, superOperator ability to bypass the check related to having enough allowances. As a result, this person can transfer funds of all users to any address without having enough allowances.
```
if (_msgSender() != from && !_superOperators[_msgSender()] && _msgSender() != _operator) {
uint256 currentAllowance = _allowances[from][_msgSender()];
if (currentAllowance != ~uint256(0)) {
require(currentAllowance >= amount, "NOT_AUTHORIZED_ALLOWANCE");
_allowances[from][_msgSender()] = currentAllowance - amount;
}
}
_transfer(from, to, amount);
```
Published at
2024-09-09 18:37:44Event JSON
{
"id": "e3f1a4d30090e4806988772a03ca7fb8fd0eb935992efc2d919f276a03149b3c",
"pubkey": "1c3c0f918fed0d77ef5e8c5a026f9579615b79f37f215f9ee3b71ae8fd789e39",
"created_at": 1725899864,
"kind": 1,
"tags": [],
"content": "See how they make token scams and steal people's assets and funds at the right time.\n\nIn the transferFrom function, superOperator ability to bypass the check related to having enough allowances. As a result, this person can transfer funds of all users to any address without having enough allowances.\n\n```\n if (_msgSender() != from \u0026\u0026 !_superOperators[_msgSender()] \u0026\u0026 _msgSender() != _operator) {\n uint256 currentAllowance = _allowances[from][_msgSender()];\n if (currentAllowance != ~uint256(0)) {\n require(currentAllowance \u003e= amount, \"NOT_AUTHORIZED_ALLOWANCE\");\n _allowances[from][_msgSender()] = currentAllowance - amount;\n }\n }\n _transfer(from, to, amount);\n```",
"sig": "53bf5ad913b5e046c66bca496b4bc7cb7614c7dc7062efa82ffac1f247c83b3f83489da155cac4bea6714623d17e633f328027b0fffc04d7832b992114488f61"
}