lunaray
1 min readApr 11, 2022

--

Anyone in the Creat future contract can call the _transfer method to transfer tokens. When the administrator sets the useWhiteListSwith variable to false, the _transfer method will not judge whether msg.sender, from, and to are in the whitelist, that is, the from address It can be any address. The attacker can transfer the tokens by passing in the sender’s from as the address of others and to as the address of the transfer of funds under his control. At present, there are many addresses that have made profits, and it is not possible to determine which ones are Official addresses, some profitable addresses have transferred funds to the mixing platform Tornado.Cash.

The current contract administrator has set the useWhiteListSwith variable to true. Users who are not on the whitelist will not be able to use the _transfer method normally.

Blockchain
Vulnerability

--

--

lunaray

Written by lunaray

201 Followers

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

More from lunaray

See all from lunaray

Lists

Modern Marketing

33 stories139 saves

My Kind Of Medium (All-Time Faves)

43 stories73 saves

Best of The Writing Cooperative

67 stories67 saves
A search field with results below. In the background are book covers.

Now in AI: Handpicked by Better Programming

266 stories153 saves
See more recommendations

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams