PayPal Stablecoin PYUSD Gets Wallet Freeze and Wipe Functionality
Analysis of the just-launched PayPal stablecoin PYUSD smart contract reveals the existence of so-called “centralized attack vectors.”
Smart contract security auditor Pashov noted in a recent Twitter post that PYUSD’s contract has an “asset protection” role that can wipe your balance in two transactions: first “Freeze” and then “WipeFrozenAddress”.
The reason this is considered an attack vector is that this functionality increases the damage a potential attacker can cause if they manage to access it.
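As an added illustration (not code from this article, from Pashov or from PayPal), the following Python shows how a monitoring job could follow the two-transaction sequence described above across decoded contract calls. The two function names follow the text; the record layout, the account labels, the allow-list of expected operators and the sample calls are constructed assumptions.

```python
from dataclasses import dataclass

# Call names as given in the article; everything else here is assumed.
FREEZE, WIPE = "Freeze", "WipeFrozenAddress"

@dataclass(frozen=True)
class Call:
    block: int      # block number the transaction was mined in
    sender: str     # account that sent the transaction
    function: str   # decoded function name
    target: str     # address the call acts on

def review_calls(calls, expected_operators):
    """Return (wiped, at_risk, alerts) for a list of decoded Call records."""
    frozen_at = {}  # target -> block of the freeze still awaiting a wipe
    wiped, alerts = [], []
    for c in sorted(calls, key=lambda c: c.block):
        if c.function not in (FREEZE, WIPE):
            continue  # ordinary token traffic is out of scope
        if c.sender not in expected_operators:
            # A privileged call from an unknown account suggests the role
            # was reassigned or its key is in someone else's hands.
            alerts.append(f"block {c.block}: {c.function} sent by unexpected account {c.sender}")
        if c.function == FREEZE:
            frozen_at.setdefault(c.target, c.block)
        elif c.target in frozen_at:
            wiped.append((c.target, frozen_at.pop(c.target), c.block))
        else:
            # The freeze may predate the log window being reviewed.
            alerts.append(f"block {c.block}: wipe of {c.target} with no freeze in window")
    # Addresses frozen but not yet wiped are one transaction from a wipe.
    return wiped, sorted(frozen_at), alerts

# Constructed sample data, not real on-chain activity.
SAMPLE = [
    Call(100, "0xOPS", "Freeze", "0xAAA"),
    Call(101, "0xUSER", "transfer", "0xBBB"),
    Call(105, "0xOPS", "WipeFrozenAddress", "0xAAA"),
    Call(110, "0xNEW", "Freeze", "0xCCC"),
    Call(111, "0xOPS", "WipeFrozenAddress", "0xDDD"),
]

if __name__ == "__main__":
    wiped, at_risk, alerts = review_calls(SAMPLE, {"0xOPS"})
    print("wiped:", wiped)
    print("frozen, not yet wiped:", at_risk)
    print("\n".join(alerts))
```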
Pashov noted that PYUSD has six decimal places and uses Solidity compiler version 0.4.24. What’s more interesting is that this smart contract does not “implement EIP-712 as expected by the standard.”