One cryptocurrency security company BlockSec, Tether Gold (XAUt) revealed a vulnerability in its smart contract that could allow an attacker to transfer XAUt tokens to a predefined address.
The company said it discovered the vulnerability on April 5 using its internal analytics tool and reported it to the Tether Gold team, which confirmed they had found the issue internally. BlockSec reported that the vulnerability has been fixed as of today.
Due to Vulnerability Hackers Could Manipulate Tether Gold Token Price
The vulnerability was contained in the transferFrom function of the Tether Gold contract, which is supposed to enable authorized users to transfer XAUt tokens from one address to another. However, BlockSec has found that anyone can enable this functionality to transfer other users’ tokens to a trusted credit address defined by the token holder.
BlockSec explained that although this vulnerability cannot be used directly to transfer tokens to the attacker’s own account, it can be used to manipulate the token price in a liquidity pool (such as WETH-XAUt) and profit from it.
BlockSec said the fix for this vulnerability is simple and includes adding a require statement to check if the sender is authorized before performing the transfer.
Before the vulnerability was patched, BlockSec forked at block 17038763, showing how to transfer ownership of the Tether Gold contract, add an authorized account, and use the transferFrom function to steal XAUt tokens from a victim.
*Not investment advice.
For exclusive news, analytics and on-chain data Telegram our group, twitter our account and YouTube Follow our channel now! Moreover Android And iOS Start live price tracking right now by downloading our apps!