Significant Vulnerability Found in Tether Gold (XAUt) Smart Contract!

BlockSec, a cryptocurrency security company, has uncovered a vulnerability in its Tether Gold (XAUt) smart contract that could allow anyone to transfer XAUt tokens to a predefined address.

The company said it discovered the vulnerability on April 5 using its internal analytics tool and reported it to the Tether Gold team, which confirmed they had found the issue internally. BlockSec reported that the vulnerability has been fixed as of today.

Due to Vulnerability Hackers Could Manipulate Tether Gold Token Price

The vulnerability was contained in the transferFrom function of the Tether Gold contract, which is supposed to enable authorized users to transfer XAUt tokens from one address to another. However, BlockSec has found that anyone can activate this functionality to transfer other users' tokens to a trusted credit address defined by the token holder.

BlockSec explained that although this vulnerability cannot be used directly to transfer tokens to the attacker's own account, it can be used to manipulate the token price in a liquidity pool (such as WETH-XAUt) and profit from it.

BlockSec said the fix for this vulnerability is simple and includes adding a require statement to check if the sender is authorized before performing the transfer.

Before the vulnerability was patched, BlockSec forked at block 17038763, showing how to transfer ownership of the Tether Gold contract, add an authorized account, and use the transferFrom function to steal XAUt tokens from a victim.

*Not investment advice.

Follow our Telegram and Twitter account now for exclusive news, analytics and on-chain data!