Hi everyone! I was looking at the Jetton burn function and noticed a strange authorization check. It seems to me that it could be a security issue.

token-contract/ft/jetton-minter.fc:75

This line checks whether the sender is authorized to burn tokens. However, `from_address` is the payload parameter fully controlled by the sender. So this check is literally saying this: "Do you know `from_address` such that its hash(from_address, my_address) is equal to your actual address `sender_address`?" It seems to me that instead of provoking an attacker to guess such a payload to bypass the check, it could be better to:

1. precompute the wallet address as hash(sender_address, my_address(), jetton_wallet_code)
2. save it, and when checking for authorization, check that hash(sender_address, my_address(), jetton_wallet_code) == saved_hash

The proposed option is "something you are." Other options could include "something you know," "secret," etc.

In a nutshell:

The throw check can be bypassed if an attacker can craft the payload such that `sender_address` matches the calculated `must_be_address = calculate_user_jetton_wallet_address(from_address, my_address(), jetton_wallet_code)`. What's more, it can be guessed offline.

Please correct me if I'm wrong and thank you for your time.
> So this check is literally saying this: "Do you know `from_address` such that its hash(from_address, my_address) is equal to your actual address `sender_address`".

The `calculate_user_jetton_wallet_address(from_address, my_address(), jetton_wallet_code)` is not an ordinary hash; it gives the deterministic address of the jetton wallet associated with the `from_address`. Hence the check says, "Are you really the jetton wallet of the person you claim?"

Although by the Pigeonhole Principle it is theoretically possible to find an address of an arbitrary contract such that `calculate_user_jetton_wallet_address(from_address, my_address(), jetton_wallet_code)` is the contract address, it is practically impossible given the security of the hashing scheme used and the length of the address (hash) we want to brute force.
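The reply's point, as an added example that is not part of the original issue or the TON contract code: a simplified Python model in which a contract address is the hash of its StateInit (code plus initial data), so the jetton wallet address is a deterministic function of (owner, minter, wallet code). `JETTON_WALLET_CODE`, the sample addresses and the `sha256`-based derivation are constructed stand-ins for the real TON cell hashing.

```python
import hashlib

# Constructed placeholder standing in for the jetton wallet code cell.
JETTON_WALLET_CODE = b"jetton-wallet-code-v1"


def addr(state_init: bytes) -> str:
    """Model of address derivation: the address is the hash of the StateInit."""
    return hashlib.sha256(state_init).hexdigest()


def calculate_user_jetton_wallet_address(owner: str, minter: str, code: bytes) -> str:
    """Deterministic wallet address: StateInit = (code, data(owner, minter)).
    The same owner + minter + code always yields the same wallet address."""
    state_init = b"|".join([code, owner.encode(), minter.encode()])
    return addr(state_init)


def burn_notification_allowed(sender_address: str, from_address: str, minter: str) -> bool:
    """The minter's check: the message must come from the wallet contract whose
    address is derived from from_address. from_address is attacker-chosen, but
    sender_address is set by the blockchain to the contract that actually sent
    the message, which the attacker cannot pick freely."""
    must_be = calculate_user_jetton_wallet_address(from_address, minter, JETTON_WALLET_CODE)
    return must_be == sender_address


def demo():
    minter = addr(b"minter-state-init")          # constructed minter address
    alice = addr(b"alice-wallet-v4")             # constructed user address
    mallory = addr(b"mallory-contract")          # constructed attacker contract address
    alice_wallet = calculate_user_jetton_wallet_address(alice, minter, JETTON_WALLET_CODE)

    # Legitimate: Alice's real jetton wallet reports a burn on behalf of Alice.
    ok = burn_notification_allowed(alice_wallet, alice, minter)
    # Forged: Mallory's own contract claims from_address=alice; the derived
    # wallet address is Alice's wallet, not Mallory's contract, so it fails.
    forged_for_alice = burn_notification_allowed(mallory, alice, minter)
    # Even claiming her own address does not help: her contract is not the
    # wallet derived for that owner either. Passing the check requires a
    # from_address whose derived wallet equals an address Mallory controls,
    # i.e. a second preimage on a 256-bit hash.
    forged_for_self = burn_notification_allowed(mallory, mallory, minter)
    return ok, forged_for_alice, forged_for_self
```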