Minting Doubts: Analysis of Paid Network Stolen Details

慢雾科技 (SlowMist)
3 years ago

Excessive privileges are hard to guard against.

Analysis of attack details

[Image: call trace of the attack transaction]

The figure above shows the full call sequence of the attack transaction.

The whole attack is remarkably simple: the attacker sends a single transaction to the proxy contract that calls the function with selector 0x40c10f19, and that is the entire attack. A 4-byte selector is only the first four bytes of the Keccak-256 hash of the function signature, so by itself it does not tell us which function was called; we have to look it up.


The lookup shows that this selector corresponds to mint(address,uint256). In other words, the attacker simply called mint directly and the attack was over. At this point it is tempting to conclude that the vulnerability is an unauthenticated mint function that allows arbitrary minting, and the token-transfer view on Etherscan appears to support this conjecture.


But is that really the case?

To verify the hypothesis of unauthenticated arbitrary minting, we need to examine the contract's actual logic. Since Paid Network uses an upgradeable-proxy model, the address the attacker called only forwards to an implementation, so it is the logic contract (0xb8...9c7) that we need to analyze. When we checked it on Etherscan, however, we found that the logic contract's source was not verified (not open source).


At this point the only way to find out is to decompile the bytecode. Etherscan's built-in decompiler can be run directly against an unverified contract. After decompiling, we discovered a surprising fact:

[Image: decompiled output of the logic contract]

Summary

Reference link:

Attack transaction:

https://etherscan.io/tx/0x4bb10927ea7afc2336033574b74ebd6f73ef35ac0db1bb96229627c9d77555a0

Original article, author: 慢雾科技 (SlowMist). For reprinting, content collaboration, or reporting, please contact report@odaily.email; unauthorized reprinting will be pursued under the law.