The Dangers of Backdoors in ERC20 Smart Contracts: A closer look at the SAND token contract 🚪🔙⚠️🤔💻

February 5, 2023

Smart contracts on the Ethereum blockchain have revolutionized the way we think about decentralized applications, but with this innovation comes a new set of security concerns. One vulnerability that has been identified in smart contracts is the presence of “backdoors.” A backdoor is a hidden provision in the contract code that allows certain individuals to bypass security restrictions and perform actions that would not be allowed for regular users.

An example of a backdoor in a smart contract is the use of “super operators.” In the ERC20 SAND token contract code provided, a provision is made for super operators that can bypass certain restrictions on the transfer of tokens.

function transferFrom(address from, address to, uint256 amount)
    public
    returns (bool success)
{
    if (msg.sender != from && !_superOperators[msg.sender]) {
        uint256 currentAllowance = _allowances[from][msg.sender];
        if (currentAllowance != (2**256) - 1) {
            // save gas when allowance is maximal by not reducing it (see https://github.com/ethereum/EIPs/issues/717)
            require(currentAllowance >= amount, "Not enough funds allowed");
            _allowances[from][msg.sender] = currentAllowance - amount;
        }
    }
    _transfer(from, to, amount);
    return true;
}

The code above shows a function for transferring a specified amount of SAND tokens using the ERC20 standard using the Solidity programming language. The function checks that the sender of the message (msg.sender) is either the address from which the SAND tokens are being transferred or an address designated as a “super operator” (_superOperators[msg.sender]). If the sender is not from and not a super operator, the function checks that the sender has sufficient “allowance” (_allowances[from][msg.sender]) to make the transfer. If the allowance is sufficient, the allowance is reduced by the amount of the transfer. The function then calls a separate _transfer function and returns true.

However, the if statement if (msg.sender != from && !_superOperators[msg.sender]) allows certain individuals who are designated as a “super operator” to bypass this check and make the transfer without having the necessary allowance. This could be considered a backdoor, as it allows certain privileged individuals to perform actions that would not be allowed for regular users.

The presence of a backdoor like this in a smart contract can have serious consequences, such as financial losses for the holders of the token. To mitigate the risk of backdoors in smart contracts, it is important to thoroughly review and test the code before deploying it. This should include reviewing the code for any potential vulnerabilities, such as the use of super operators, and testing the contract in a variety of scenarios to ensure that it behaves as intended. It is also essential to keep the smart contract up-to-date with the latest security standards and best practices to protect against known vulnerabilities.

It is also important to be aware of who the developers and auditors of the contract are and their reputation in the community. Using reputable auditors and developers can help mitigate the risk of backdoors.

In conclusion, backdoors in smart contracts can have serious consequences and it is essential to be aware of them, and take the necessary steps to protect against them by thoroughly reviewing and testing the code.

Source: ERC20BaseToken.sol, lines 60-74