Malicious External Call
Flags contracts that call an external contract during token transfers, approvals and allowances.
Context and definitions
- External call
- External calls are function calls that a smart contract makes to another smart contract.
Use caution when making external calls
- Calls to untrusted contracts can introduce several unexpected risks or errors.
- External calls may execute malicious code in that contract or any other contract that it depends upon.
- As such, every external call should be treated as a potential security risk.
- The use of external calls, especially in transfers, approvals and allowances, should be noted as high risk.
Reference article from Blockfence
$32M Stolen: Over 1,300 Fake Tokens Rugged (Full Investigation)
Look out for external calls being made to other contracts in functions like _transfer(), approve(), etc.
https://etherscan.io/token/0x25e0d545b4733e051e2edca12ae5b7366d773549#code
- Inside _transfer(), an external call to contracthhxnnadsa is being done to get balances, which is the root source of the underlying scam.
- The external call tampers with balances.
API Results on the above contract
The API facet clearly marks _transfer() and the functions dependent on _transfer() as malicious.
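A minimal sketch of this kind of check, added here as an illustration and not the API's or Blockfence's own detector: a regex heuristic over Solidity source that reports external-looking calls inside transfer, approval and allowance functions, then marks their direct callers. The sample contract and the names IHelper, helper and getBalance are constructed for the example.

```python
import re
# Functions the page singles out: transfers, approvals and allowances.
SENSITIVE = {"_transfer", "transfer", "transferFrom", "approve", "_approve", "allowance"}
BUILTINS = {"msg", "abi", "block", "tx", "super", "type"}   # receivers that are not contracts
LIBRARY_METHODS = {"add", "sub", "mul", "div", "mod"}       # SafeMath-style helpers
FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\(")
CAST_CALL_RE = re.compile(r"\b([A-Z]\w*)\s*\([^()]*\)\s*\.\s*(\w+)\s*\(")     # IFoo(addr).bar(
MEMBER_CALL_RE = re.compile(r"(?<![\w.])([A-Za-z_]\w*)\s*\.\s*(\w+)\s*[({]")  # foo.bar(

def function_bodies(source):
    """Yield (name, body) for every function that has a body, using brace matching."""
    source = re.sub(r"//[^\n]*|/\*.*?\*/", "", source, flags=re.S)  # drop comments
    for m in FUNC_RE.finditer(source):
        start, semi = source.find("{", m.end()), source.find(";", m.end())
        if start == -1 or -1 < semi < start:
            continue  # declaration only (interface or abstract function)
        depth = 0
        for i in range(start, len(source)):
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            if depth == 0:
                break
        yield m.group(1), source[start:i + 1]

def flag_external_calls(source):
    """Sorted (function, callee) pairs for external-looking calls in sensitive functions."""
    findings = set()
    for name, body in function_bodies(source):
        if name in SENSITIVE:
            findings |= {(name, f"{i}(...).{m}") for i, m in CAST_CALL_RE.findall(body)}
            findings |= {(name, f"{r}.{m}") for r, m in MEMBER_CALL_RE.findall(body)
                         if r not in BUILTINS and m not in LIBRARY_METHODS}
    return sorted(findings)

def tainted_functions(source):
    """Directly flagged functions plus the functions that call them."""
    direct = {fn for fn, _ in flag_external_calls(source)}
    callers = {name for name, body in function_bodies(source)
               if any(re.search(rf"(?<![\w.]){re.escape(f)}\s*\(", body) for f in direct)}
    return sorted(direct | callers)

# Constructed sample input, not the contract linked above.
SAMPLE = """contract Token {
  function _transfer(address from, address to, uint256 amount) internal {
    uint256 bal = IHelper(helper).getBalance(from); // balance read from another contract
    _balances[from] = bal.sub(amount);
  }
  function transfer(address to, uint256 amount) public { _transfer(msg.sender, to, amount); }
}"""
```

Being regex-based, it misses chained receivers such as `msg.sender.call(...)` and can flag library calls outside the small allowlist, so treat hits as leads for manual review of the source.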