Function Call With Incorrect Variable or Reference as Argument
| Property | |
|---|---|
| Language | solidity |
| Severity |  |
| CWE | CWE-688: Function Call With Incorrect Variable or Reference as Argument |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | High |
Description#
The transferFrom() function incorrectly handles allowance checks, allowing a user to spend tokens on behalf of other accounts without proper authorization. This flaw lets attackers exploit allowance logic to misuse or drain tokens from accounts that did not intend to approve them.
Impact#
If exploited, an attacker could steal tokens from users by spending their allowances without permission, potentially leading to significant financial loss. This undermines trust in the contract and could result in large-scale theft or disruption of the token ecosystem.