WETH Permit Exploit: Developer's Guide

Understanding the Vulnerability

The canonical WETH contract (WETH9) has no 'permit' function, but it has a payable fallback that simply calls 'deposit()'. A call to 'permit(...)' therefore does not revert: it lands in the fallback, deposits 'msg.value' (zero) and returns successfully. Any contract that treats "permit did not revert" as "permit succeeded" will continue as though a valid signature had been checked, which is the root of the exploit.

Exploit Mechanism

  1. A user has approved a vulnerable contract (a bridge or aggregator router, for example) to spend their WETH, typically with an unlimited approval left over from an earlier deposit.
  2. The attacker calls a function such as 'depositWithPermit' on that contract, naming the victim as the token owner and passing an arbitrary signature.
  3. The contract calls 'permit' on WETH. The call hits the fallback and returns without reverting, so the contract proceeds as if the signature had been verified.
  4. The contract calls 'transferFrom(victim, address(this), amount)', which succeeds on the strength of the victim's pre-existing allowance, and credits the deposit to 'msg.sender', i.e. the attacker.
  5. The attacker withdraws the credited WETH.

Prevention Strategies

  • Verify the effect, not the absence of a revert: read 'nonces(owner)' before and after 'permit' and require that it increased by exactly one (the check OpenZeppelin's 'SafeERC20.safePermit' performs). On WETH9 the 'nonces' call itself lands in the fallback and reverts, which stops the transaction before any transfer. A plain allowance check is not enough, because the victim's existing allowance is exactly what the attacker abuses.
  • Credit the signer, not the caller: funds pulled from 'owner' should be credited to 'owner', so a phantom permit cannot redirect them to 'msg.sender'.
  • Token-specific logic: treat WETH, and any other token known to lack 'permit', differently, for example by routing it through a plain 'deposit' path that requires 'msg.sender == owner'.
  • Don't rely on Solidity interfaces: declaring an 'IERC20Permit' interface and calling 'permit' through it catches nothing, because the selector is resolved at runtime and WETH's fallback answers it. Strict interfaces only help with contracts you compile against, not with external calls.
  • Avoid universal solutions: don't assume every ERC-20 token behaves identically.
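The vulnerable pattern from the exploit steps above, beside a hardened version implementing the checks in this list, as an added example written for this guide. It is illustrative code, not the code of any deployed protocol: the contract and function names ('VulnerableRouter', 'HardenedRouter', 'depositWithPermit', 'withdraw', 'balances') are assumed, while the interface selectors follow ERC-20 and ERC-2612. The nonce check mirrors the one OpenZeppelin's 'SafeERC20.safePermit' performs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces for the calls the routers below make. Selectors and
// parameter lists follow ERC-20 and ERC-2612.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IERC20Permit {
    function permit(
        address owner, address spender, uint256 value, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s
    ) external;
    function nonces(address owner) external view returns (uint256);
}

// Hypothetical vulnerable router. It treats "permit did not revert" as
// "permit succeeded". Against WETH9 the permit call lands in the payable
// fallback (which just calls deposit() with msg.value == 0), returns
// normally, and execution continues to transferFrom, which succeeds on the
// strength of the victim's pre-existing approval. The deposit is credited to
// msg.sender, so anyone can drain any WETH holder who approved this router.
contract VulnerableRouter {
    // token => account => credited balance
    mapping(address => mapping(address => uint256)) public balances;

    function depositWithPermit(
        address token, address owner, uint256 amount, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        // Attacker passes owner = victim and any (v, r, s); WETH never checks them.
        IERC20Permit(token).permit(owner, address(this), amount, deadline, v, r, s);
        require(IERC20(token).transferFrom(owner, address(this), amount), "transferFrom failed");
        balances[token][msg.sender] += amount; // BUG: credits the caller, not the signer
    }

    function withdraw(address token, uint256 amount) external {
        balances[token][msg.sender] -= amount; // reverts on underflow in 0.8.x
        require(IERC20(token).transfer(msg.sender, amount), "transfer failed");
    }
}

// Hypothetical hardened router. Two independent fixes:
//  1. Prove the permit executed by checking that the ERC-2612 nonce advanced
//     by exactly one. On WETH9, nonces() also lands in the fallback: it
//     returns no data (so decoding the uint256 reverts), and deposit() tries
//     to write storage inside a STATICCALL, so the call reverts before any
//     transfer can happen.
//  2. Credit the signer (owner), never msg.sender, so even a phantom permit
//     could only move the owner's funds into the owner's own balance.
contract HardenedRouter {
    mapping(address => mapping(address => uint256)) public balances;

    function depositWithPermit(
        address token, address owner, uint256 amount, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        uint256 nonceBefore = IERC20Permit(token).nonces(owner);
        IERC20Permit(token).permit(owner, address(this), amount, deadline, v, r, s);
        require(
            IERC20Permit(token).nonces(owner) == nonceBefore + 1,
            "permit did not execute"
        );
        // A plain allowance check would NOT be enough here: the victim's existing
        // allowance is exactly what the attacker abuses.
        require(IERC20(token).transferFrom(owner, address(this), amount), "transferFrom failed");
        balances[token][owner] += amount; // credit the signer, not the caller
    }

    function withdraw(address token, uint256 amount) external {
        balances[token][msg.sender] -= amount;
        require(IERC20(token).transfer(msg.sender, amount), "transfer failed");
    }
}
```

Against 'VulnerableRouter', the whole attack is one call of 'depositWithPermit(WETH, victim, victimBalance, type(uint256).max, 0, 0, 0)' followed by 'withdraw(WETH, victimBalance)', with no signature at all. Against 'HardenedRouter' the same call reverts at the first 'nonces' read. Note that the two fixes are deliberately independent: if a token ever had a no-op 'permit' but a working 'nonces', the nonce check would still catch it; if the nonce check were somehow bypassed, crediting 'owner' means the attacker gains nothing.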

Key Takeaways

  • Always thoroughly test interactions with external contracts.
  • Be aware of the non-standard behaviour of widely used tokens such as WETH, whose payable fallback silently accepts any unknown selector.
  • Implement robust error handling and input validation.
  • Regularly audit your smart contracts for potential vulnerabilities.