Tron2steem Bug Fix: Filter out TRC-10 Tokens

in witness-category •  2 days ago 

Critical Bug Identified:

The transaction processing logic for Tron2STEEM Swap did not filter out TRC-10 token transfers, which was a severe oversight. In theory, this vulnerability could be exploited to trigger unintended swaps, leading to significant financial losses.

Impact:

  • Exploitation Risk: Malicious users could craft transactions with TRC-10 tokens (other than TRX) to mimic legitimate swap requests, draining the system's resources.
  • Incorrect Transaction Handling: Non-TRX token transfers were being processed incorrectly, potentially polluting the database with invalid records.
  • Financial Losses: Triggering swaps on TRC-10 tokens might result in losses due to unintended conversions or incorrect exchange rate calculations.

Fix Summary:

To mitigate this issue, a strict filter has been added so that only TRX, USDT, or USDD transactions are processed, by verifying the transaction's contract type.

for (const tx of currentPageTransactions) {
    // Check if the transaction is a TRX transfer (TransferContract)
    const contractType = tx.raw_data.contract[0].type;
    if (contractType !== "TransferContract") {
        // Log the skipped contract type so filtered transactions stay traceable
        console.log(`Skipping non-TRX transaction: ${contractType}`);
        continue;
    }
    // the rest of the code
}

Key Changes in Code:

  • Added Contract Type Validation: Ensures only transactions with TransferContract (TRX transfers) are processed. Transactions involving TransferAssetContract (TRC-10 tokens) are now skipped.
  • Improved Logging: Logs are updated to highlight when non-TRX transactions are filtered out for traceability.
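The following is an added example, not the project's own code: an allowlist version of the same check that also rejects malformed transactions before any amount is read. The names `screenDeposit`, `screenAll` and `ALLOWED_CONTRACT_TYPES` are hypothetical, the sample transactions are constructed, and it assumes the API's JSON shape in which a TRC-10 transfer carries `to_address` and `amount` alongside an `asset_name`, with exactly one contract entry per transaction.

```javascript
// Added example: allowlist filter for incoming deposits (hypothetical names).
const ALLOWED_CONTRACT_TYPES = new Set(["TransferContract"]); // native TRX only

// Returns { accepted, reason, amountSun } for one transaction object.
function screenDeposit(tx) {
    const contracts = tx && tx.raw_data && tx.raw_data.contract;
    // Assumption: a valid transaction has exactly one contract entry.
    if (!Array.isArray(contracts) || contracts.length !== 1) {
        return { accepted: false, reason: "malformed-contract-list" };
    }
    const { type, parameter } = contracts[0] || {};
    if (!ALLOWED_CONTRACT_TYPES.has(type)) {
        return { accepted: false, reason: `contract-type:${type}` };
    }
    const value = parameter && parameter.value;
    // A TRC-10 transfer carries asset_name; reject it even if the type looks right.
    if (!value || "asset_name" in value) {
        return { accepted: false, reason: "unexpected-parameter" };
    }
    if (!Number.isSafeInteger(value.amount) || value.amount <= 0) {
        return { accepted: false, reason: "invalid-amount" };
    }
    return { accepted: true, reason: "ok", amountSun: value.amount };
}

// Constructed sample transactions (addresses and IDs are placeholders).
const SAMPLE_TXS = [
    { txID: "sample-trx", raw_data: { contract: [{ type: "TransferContract",
        parameter: { value: { owner_address: "41aa", to_address: "41bb", amount: 5000000 } } }] } },
    { txID: "sample-trc10", raw_data: { contract: [{ type: "TransferAssetContract",
        parameter: { value: { asset_name: "31303030303031", owner_address: "41aa",
            to_address: "41bb", amount: 5000000 } } }] } },
    { txID: "sample-empty", raw_data: { contract: [] } },
];

// Screens a page of transactions and keeps the txID next to each verdict.
function screenAll(txs) {
    return txs.map((tx) => ({ txID: tx.txID, ...screenDeposit(tx) }));
}

for (const r of screenAll(SAMPLE_TXS)) {
    console.log(`${r.txID}: ${r.accepted ? "process" : "skip"} (${r.reason})`);
}
```

The TRX and TRC-10 samples carry the same `amount`, which is why reading the amount before checking the contract type is unsafe.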


Steem to the Moon🚀!
