PayPal’s stablecoin has wallet freezing and wiping functions


An analysis of the smart contract of the just-launched PayPal stablecoin PYUSD revealed the presence of so-called “centralization attack vectors.”

Smart contract security auditor Pashov pointed out in a recent Twitter thread that PYUSD’s contract has an ‘assetProtection’ role. It can wipe your balance in two transactions: first ‘freeze,’ then ‘wipeFrozenAddress.’

This is seen as an attack vector because such a feature increases the damage that potential attackers could do if they gained access to it.

Pashov noted that PYUSD has six decimals, and uses Solidity compiler version 0.4.24. More interestingly, this smart contract does not “implement EIP-712 as the standard expects you to.”

What is EIP-712

Ethereum Improvement Proposal 712 or EIP-712 is a 2017 standard that allows Ethereum wallets like MetaMask to display structured and readable data in signing prompts instead of just hexadecimal strings. This makes it easier for users to verify the actual data they are signing, improving security and usability.

To implement EIP-712, developers need to define data structures and create a domain separator to prevent signature collisions between dapps. They also need to write signing code for their dapp to interface with the user’s wallet, write contract code to hash the data structures, and verify signatures on-chain using ecrecover. Overall, EIP-712 allows users to better understand what they are signing and prevents phishing attacks.

ecrecover is an EVM precompile, exposed in Solidity as a built-in function, that allows contracts to verify signatures of off-chain data. It takes a hash and an elliptic curve signature composed of v, r, and s, and returns the Ethereum address whose key produced the signature; the contract compares that address with the expected signer to confirm the signature is valid. This allows building use cases like meta-transactions and permit tokens.

There are different standards for signing data like eth_sign, personal_sign, and EIP-712. EIP-712 is the recommended way for contracts to accept signed data as it provides protection against misuse and replay attacks. It involves hashing specific contract data like chain ID along with the message data itself. OpenZeppelin contracts provide secure implementations of ecrecover and EIP-712 signing. Overall, ecrecover enables contracts to cryptographically verify signed data from off-chain sources.
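The implementation steps described above (type hash, domain separator, struct hash, on-chain `ecrecover` check), as an added example that is not PYUSD's code and does not come from Pashov's thread. The contract name `OrderVerifier`, the `Order` struct and its fields are hypothetical, and Solidity 0.8.x is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: minimal EIP-712 verifier. All names here are hypothetical.
contract OrderVerifier {
    // Type hash of the hypothetical struct the wallet shows to the user.
    bytes32 private constant ORDER_TYPEHASH =
        keccak256("Order(address to,uint256 amount,uint256 nonce)");
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    // secp256k1 group order divided by 2; rejecting larger s values removes
    // the second, malleable form of every valid signature.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    mapping(address => uint256) public nonces; // per-signer replay counter

    // Binds signatures to this dapp, this contract and this chain.
    // Computed per call so a chain fork (new chainId) invalidates old signatures.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256(bytes("OrderVerifier")),
            keccak256(bytes("1")),
            block.chainid,
            address(this)
        ));
    }

    /// Returns true only if `signer` signed (to, amount, current nonce) for this
    /// contract on this chain. The nonce is consumed on success.
    function verify(address signer, address to, uint256 amount,
                    uint8 v, bytes32 r, bytes32 s) external returns (bool) {
        bytes32 structHash =
            keccak256(abi.encode(ORDER_TYPEHASH, to, amount, nonces[signer]));
        bytes32 digest =
            keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));

        if (uint256(s) > HALF_N || (v != 27 && v != 28)) return false;
        address recovered = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) on failure, so the zero address must never pass.
        if (recovered == address(0) || recovered != signer) return false;

        nonces[signer]++; // the same signature cannot be replayed
        return true;
    }
}
```

The chain ID and contract address in the domain separator stop a signature from being replayed on another chain or against another contract, and the nonce stops it from being replayed against the same one.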

Freezing and balance-wiping features may be surprising to those in the crypto space who expect assets to be entirely under the control of the owners.

Still, smart contract-based tokens have allowed for such features for some time, and those features are pretty typical of centralized stablecoins.

“Newsflash: USDT & USDC both have similar attack vectors as well. I thought this one might be different, but it really isn’t,” Pashov commented.