Full Report
The Mint function is used to create tokens, and the Burn function is used to destroy them. Both are standard with ERC20 tokens, and this is the case with cryptoBurgers (BURG), a token on the Binance Smart Chain. The Mint and Burn functions should not be publicly callable. Normally, they are called internally once some operation has been performed, such as sending ETH to the platform in exchange for the token. In the BURG source code, however, the Burn function is declared external. This allows the number of tokens in the pool to be arbitrarily decreased. Why is this bad? It breaks the prices of AMMs and token pairs. The Hospo token had the exact same vulnerability. It was exploited by doing a major burn on the token, syncing the price, then performing a swap. Naturally, the price had been drastically manipulated by that point, giving the attacker a major profit. The tool ethtx.info is used to make the transactions look real nice here! Overall, two really simple bugs; it's amazing this made it through an audit...
Analysis Summary
# Vulnerability: Publicly Accessible Burn Function in cryptoBurgers (BURG) Token
## CVE Details
- **CVE ID**: N/A (Standard for many smart contract vulnerabilities; often tracked via audit reports or blockchain security databases)
- **CVSS Score**: 9.1 (Critical) - *Estimated based on direct financial impact and ease of exploit.*
- **CWE**: CWE-287: Improper Authentication / CWE-284: Improper Access Control
## Affected Systems
- **Products**: cryptoBurgers (BURG) Smart Contract
- **Versions**: Production deployment on Binance Smart Chain (BSC)
- **Configurations**: Tokens utilizing the standard ERC20 implementation where administrative functions are incorrectly marked as `external` or `public` without access modifiers.
## Vulnerability Description
The implementation of the BURG token contains a critical logic flaw regarding access control. In a standard ERC20 environment, `mint` and `burn` functions are intended to be internal or restricted to authorized roles (such as a bridge or a governance contract).
In this specific case, the `burn` function was explicitly marked as `external` in the source code without any `onlyOwner` or equivalent access control modifiers. This allows any external actor to call the function and destroy tokens held in any address (including Liquidity Provider pools), leading to an artificial reduction in supply and direct manipulation of the token's valuation on Automated Market Makers (AMMs).
## Exploitation
- **Status**: Exploited in the wild (similar to the Hospo token exploit).
- **Complexity**: Low
- **Attack Vector**: Network (Blockchain Transaction)
## Impact
- **Confidentiality**: None
- **Integrity**: High (Unauthorized modification of token supply and pool balances)
- **Availability**: High (Can lead to total depletion of liquidity and "breaking" of the trading pair)
## Remediation
### Patches
- New contract deployment is required. The `burn` function must be updated to include an `onlyOwner` modifier or be changed to `internal` visibility.
- Ensure all sensitive state-changing functions are audited for visibility modifiers (e.g., using OpenZeppelin’s `Ownable` or `AccessControl` contracts).
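The pattern described above and the fix proposed here, side by side, as a constructed example (not the BURG source): the first contract reproduces the unrestricted `external` burn, the second gates arbitrary burns behind `onlyOwner` and otherwise limits holders to their own balance or allowance. It assumes OpenZeppelin Contracts v5; the `AdminBurn` event and `adminBurn` function are illustrative names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v5 (Ownable takes the initial owner as a constructor argument).
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Vulnerable pattern (constructed illustration, not the BURG source):
// burn() is external and unrestricted, so any caller can destroy tokens
// held by any address, including an AMM pair's reserves.
contract VulnerableToken is ERC20 {
    constructor() ERC20("Example", "EXM") {
        _mint(msg.sender, 1_000_000 * 10 ** decimals());
    }

    function burn(address account, uint256 amount) external {
        _burn(account, amount); // no onlyOwner, no allowance check
    }
}

// Hardened version: a holder may burn only their own balance or what
// they have been approved to spend; privileged burns are gated by onlyOwner.
contract HardenedToken is ERC20, Ownable {
    // Emitted on every privileged burn so monitoring can distinguish
    // administrative burns from ordinary holder burns.
    event AdminBurn(address indexed by, address indexed account, uint256 amount);

    constructor() ERC20("Example", "EXM") Ownable(msg.sender) {
        _mint(msg.sender, 1_000_000 * 10 ** decimals());
    }

    // Burn from the caller's own balance only.
    function burn(uint256 amount) external {
        _burn(msg.sender, amount);
    }

    // Burn from another account only within the allowance that account granted the caller.
    function burnFrom(address account, uint256 amount) external {
        _spendAllowance(account, msg.sender, amount);
        _burn(account, amount);
    }

    // Administrative burn from an arbitrary account, restricted to the owner.
    function adminBurn(address account, uint256 amount) external onlyOwner {
        _burn(account, amount);
        emit AdminBurn(msg.sender, account, amount);
    }
}
```

Static analysers such as Slither report the first contract's `burn` as an unprotected state-changing function, while the second passes because every path to `_burn` is bounded by the caller's own balance, an allowance, or the owner role.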
### Workarounds
- For users: Immediate withdrawal of liquidity from affected pools.
- For developers: Use of a "Proxy" pattern (if implemented) to point to a corrected logic contract, or emergency pausing of the contract if a `pause` mechanism exists.
## Detection
- **Indicators of Compromise**: Large-scale `Burn` events initiated by non-administrative addresses; sudden, drastic spikes in token price followed by massive "Sync" events and swaps.
- **Detection methods and tools**:
  - Static Analysis: Tools like **Slither** or **Mythril** would flag publicly accessible sensitive functions.
  - Transaction Monitoring: Use of **ethtx.info** or **BscScan** to monitor direct calls to the `burn(address, amount)` function.
## References
- Transaction Analysis: hxxps://ethtx[.]info/
- Affected Project: cryptoBurgers (BURG) on Binance Smart Chain
- Comparative Vulnerability: Hospo Token Exploit Analysis