Security Vulnerability Discovered
Date of Report: 27th July 2017
Date of Discovery: 23rd July 2017
Impact: Low
Number of DGDs affected: 4162.2647
Number of addresses affected: 35
Post Impact: None
Signed PDF File of Report: https://drive.google.com/open?id=0B9TgodPfXwdcQVMxUEZvbXFncGs
On 20th July we received a support ticket from "Barry Whitehat" regarding a security vulnerability, with no reply address. On 23rd July we received an email to our support address from Gustav Simonsson, who said that he had also discovered a security vulnerability. As we knew who he was, we contacted him by e-mail and phone to confirm his identity. He confirmed it, and Digix immediately got to work verifying the issue he had reported.
A bug in the DigixDAO Crowdsale Contract allowed an attacker to receive unclaimed DGD tokens.
In order to claim their DGD tokens, crowdsale participants were instructed to call the crowdsale contract's claim() function.
claim() simply calls claimFor() with msg.sender as the _user argument. claimFor() in turn calls the DGD token contract's mint() function to create the claimee's tokens on the DGD ERC20 contract. In that line the DGD badges were correctly minted to the intended recipient (the address in _user), but the DGD tokens were minted to msg.sender instead. Because claimFor() accepts an arbitrary _user and can be called directly, an attacker who called claimFor() with another participant's address received that participant's unclaimed DGD tokens.
The bug in question is at line 163 of our crowdsale contract.
What we did to figure out the impact of the exploit:
1. Downloaded the full chain with state pruning turned off, giving us a comprehensive view of all transactions that have taken place on our DGD Crowdsale Contract.
2. Looked through the list of claimed / unclaimed DGDs.
3. Figured out who used the claimFor() function.
4. If the address of the claimee ≠ the originator of the claimFor() transaction, added the amount to the sum total of DGDs lost.
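The following Python model is an added example written for this page to make the two points above concrete; it is not the DigixDAO crowdsale contract and does not reproduce its Solidity source. The class and function names (Crowdsale, claim_for, TokenLedger, dgd_lost), the addresses and the claim amounts are all constructed. With fixed=False the model routes minted DGD tokens to msg.sender, as the bug did, while badges go to _user; with fixed=True both go to _user. dgd_lost() implements the impact procedure above: it sums the DGDs minted by every claimFor() call whose claimee differs from the originator.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed addresses for the walk-through; not the real addresses from the report.
ATTACKER = "0xattacker"
VICTIM = "0xvictim"
HONEST = "0xhonest"


class TokenLedger:
    """Stand-in for the DGD ERC20 token and badge contracts: mint() just credits a balance."""

    def __init__(self):
        self.dgd = defaultdict(Decimal)
        self.badges = defaultdict(int)

    def mint_dgd(self, to, amount):
        self.dgd[to] += amount

    def mint_badge(self, to, count):
        self.badges[to] += count


class Crowdsale:
    """Hypothetical model of the crowdsale claim path (not the deployed contract).

    fixed=False reproduces the bug described in the report: badges are minted to
    _user but the DGD tokens are minted to msg.sender.  fixed=True mints both to _user.
    """

    def __init__(self, unclaimed_dgd, unclaimed_badges, fixed=False):
        self.unclaimed_dgd = dict(unclaimed_dgd)        # address -> Decimal still claimable
        self.unclaimed_badges = dict(unclaimed_badges)  # address -> int still claimable
        self.fixed = fixed
        self.ledger = TokenLedger()
        self.calls = []  # every claimFor() invocation: (msg.sender, _user, dgd minted)

    def claim(self, sender):
        """claim(): the function in the published ABI; passes msg.sender as _user."""
        return self.claim_for(sender, sender)

    def claim_for(self, sender, user):
        """claimFor(_user): reachable by anyone who had the full ABI."""
        dgd = self.unclaimed_dgd.pop(user, Decimal(0))
        badges = self.unclaimed_badges.pop(user, 0)
        self.ledger.mint_badge(user, badges)               # badges: correct recipient
        token_recipient = user if self.fixed else sender   # bug: msg.sender instead of _user
        self.ledger.mint_dgd(token_recipient, dgd)
        self.calls.append((sender, user, dgd))
        return dgd


def dgd_lost(calls):
    """The report's impact procedure: for every claimFor() call whose claimee is not
    the transaction originator, add the DGDs it minted to the running total lost."""
    total = Decimal(0)
    affected = set()
    for sender, user, dgd in calls:
        if user != sender and dgd > 0:
            total += dgd
            affected.add(user)
    return total, sorted(affected)


def simulate(fixed=False):
    """Replay a small constructed claim history and report who ended up with what."""
    sale = Crowdsale(
        unclaimed_dgd={VICTIM: Decimal("100.25"), HONEST: Decimal("2.5")},
        unclaimed_badges={VICTIM: 1, HONEST: 0},
        fixed=fixed,
    )
    sale.claim(HONEST)                # ordinary user: sender == _user, nothing lost
    sale.claim_for(ATTACKER, VICTIM)  # attacker names someone else's address
    sale.claim_for(ATTACKER, VICTIM)  # repeat mints nothing: already claimed
    lost, affected = dgd_lost(sale.calls)
    return {
        "attacker_dgd": sale.ledger.dgd[ATTACKER],
        "victim_dgd": sale.ledger.dgd[VICTIM],
        "victim_badges": sale.ledger.badges[VICTIM],
        "honest_dgd": sale.ledger.dgd[HONEST],
        "lost": lost,
        "affected": affected,
    }


if __name__ == "__main__":
    for label, flag in (("vulnerable", False), ("fixed", True)):
        print(label, simulate(flag))
```

Two things worth noticing when running it. dgd_lost() inspects the call log rather than balances, so it measures loss only under the vulnerable routing; run against the fixed model it still flags the third-party call even though the tokens landed with their owner. And the fixed model shows the residual behaviour: anyone can still trigger claimFor() for another address, which becomes harmless once minting targets _user.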
DGDs secured by Whitehat (Gustav Simonsson)

Intended Recipients of Unclaimed DGDs          DGDs
0x8343f7fab2fba94b283e614c2b1fe7d9cff20d2      13.6516
0xd2de658fa065eb7f219d2909acaf66dbb792f287     1.8139
0x291aac98b58085ddba002986e10c5ddddfc6d87d     0.6035
0x5280ab0d3feede140734f1cd0575b99e7cbceb6b     0.0051
0xb7ed63f49ac6ce3b9be57bef95919180846cc8ad     0.3519
0x94ac077c1f7e9b7e0e88307849ec70a05c577eab     3.621
0xb2b6bd7a90563426efd4e2afc42e97754b8d410b     0.3519
0x42a31a233db427d1e958c36de03e1cad8671a8f9     126.4613
0x60a70781f574a7097f4c4af2ab146847b96709c0     3.6108
Intended Recipients of Unclaimed DGDs          DGDs
0x2b5c14e63bfcec798ee52cda05cb969ac07ff24a     28.8405
0x96d630ff852c213620c6e1a764f894266ce46342     3.6618
0xa6b0e2302e2fcfc7ea26003927cd06596e5cd765     3.6924
0xc2bf5401e138307e960c6cf2e29813e77b9e898b     190.179
0x6ba792ca37fc9967db37f635d4ef7a23d5823a3d     30.2311
0x168345ee9c4acfd3dc9ae629eb36ac0131a3b6e2     3.6431
0xa372682f9d233ffed4fb22ac29aa1b16d1079a2d     181.1282
0xa543a066fb32a8668aa0736a0c9cd40d78098727     3.621
0x52ec7088b671a74ff8ba2ece3d4ff250516dbffa     1221.0267
0x81a8c2a0042a920cfcf3f24322360a6647542912     12.4168
0xb12e955d0bd629480fbac3693e3f1159b225c73b     318.7823
0xeb3090f39ca19eb8f97b5969e1f9b7cd524ffdb7     724.5094
0x2042910df0d0bf226a896b4ccd9663c64b0104fe     181.1282
0x544186e3a8228487a261f0dce8fe578126113b7b     6.1659
0x858496896a51c9da0972ac5a82f24a8c04404cdf     17.3825
0xe056bf3ff41c26256fef51716612b9d39ade999c     35.8207
0x45a22890f6c9f46d0b06778a331256ee85aa4a0d     491.3782
0x60676d1fa21fca052297e24bf96389c5b12a70d7     12.1856
0xa79b7782bd78dae77aade96105a315d49ba1313f     3.6686
0x37d60138e7bdf663fff738b1993515d7500968b0     3.621
0xd94c9ff168dc6aebf9b6cc86deff54f3fb0afc33     3.6635
0x6635619fe0f7cd94f407eb46a710ed43001a58c2     126.82
0x9de79ffc2424be7f2caddefc744fa06be42ce2e7     79.6484
0x4a2bc2cf13d7d285d63ad46e4017985c93a7655a     314.9692
0xa1215883f5f3adaf9c827a48470a0a7f26949219     10.9463
0x3ebc802d0d6914e2c7f06d54fa90c030d11e0c8a     12.6633
Total                                          4021.7937
Why only ~4200 DGDs were affected:
We only published a reduced version of the ABI to our users during the claim period, to avoid confusion, so the claimFor() function was not generally known to the regular user community; only someone working from the full contract would have found it. The first sign of the exploit was at block number 4,052,390. We believe our ETC redemption contract, deployed around block 3,800,000, drew additional scrutiny to our crowdsale contract.
Impact of Exploit:
No Ether is at risk. The vulnerable code path does not touch any Ether-related functions.
4162.2647 DGDs were affected. No more DGDs will be affected.
No DGD proposer badges were affected.
Post Impact: None. No longer exploitable.
Reimbursement for claimees
Digix will reimburse any claimee who can prove control of the original recipient address by signing a 0 ETH transaction from that address to 0xd3C826507E425d38937b6868DF60D90Dbd8C7B68.