Tron2steem Bug Fix: Filter out TRC-10 Tokens

Critical Bug Identified:

The transaction processing logic for Tron2STEEM Swap did not filter out TRC-10 token transfers, which was a severe oversight. In theory, this vulnerability could be exploited to trigger unintended swaps, leading to significant financial losses.

Impact:

  • Exploitation Risk: Malicious users could craft transactions with TRC-10 tokens (other than TRX) to mimic legitimate swap requests, draining the system's resources.
  • Incorrect Transaction Handling: Non-TRX token transfers were being processed incorrectly, potentially polluting the database with invalid records.
  • Financial Losses: Triggering swaps on TRC-10 tokens might result in losses due to unintended conversions or incorrect exchange rate calculations.

Fix Summary:

To mitigate this issue, a strict filter has been added so that only TRX, USDT, or USDD transactions are processed; it works by verifying the transaction's contract type.

for (let tx of currentPageTransactions) {
    // Check if the transaction is a TRX transfer (TransferContract)
    const contractType = tx.raw_data.contract[0].type;
    if (contractType !== "TransferContract") {
        // Anything else (e.g. TransferAssetContract for TRC-10) is skipped
        console.log(`Skipping non-TRX transaction: ${contractType}`);
        continue;
    }
    // the rest of the code
}

Key Changes in Code:

  • Added Contract Type Validation: Ensures only transactions with TransferContract (TRX transfers) are processed. Transactions involving TransferAssetContract (TRC-10 tokens) are now skipped.
  • Improved Logging: Logs are updated to highlight when non-TRX transactions are filtered out for traceability.
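The contract-type check above can be combined with structural, recipient and amount validation so that malformed or look-alike transfers are rejected before any swap logic runs. The following is an added example, not the Tron2STEEM code: classifyDeposit, DEPOSIT_ADDRESS and the sample transactions are hypothetical and constructed, and it assumes addresses are compared in the same encoding the API returns.

```javascript
// Added example: defensive deposit filter. All names and data are constructed.
const DEPOSIT_ADDRESS = "TExampleDepositAddress000000000000"; // placeholder

// Returns { accept, reason, amountSun } for one transaction object.
function classifyDeposit(tx, depositAddress = DEPOSIT_ADDRESS) {
    const contracts = tx && tx.raw_data && tx.raw_data.contract;
    // Reject anything that is not exactly one contract entry.
    if (!Array.isArray(contracts) || contracts.length !== 1) {
        return { accept: false, reason: "malformed" };
    }
    const { type, parameter } = contracts[0];
    // TransferAssetContract (TRC-10) also carries amount and to_address,
    // so the type must be checked before any field is trusted.
    if (type !== "TransferContract") {
        return { accept: false, reason: `skipped:${type}` };
    }
    const value = (parameter && parameter.value) || {};
    // A TRX transfer has no asset_name; treat its presence as a mismatch.
    if (value.asset_name !== undefined) {
        return { accept: false, reason: "unexpected-asset" };
    }
    if (value.to_address !== depositAddress) {
        return { accept: false, reason: "wrong-recipient" };
    }
    if (!Number.isSafeInteger(value.amount) || value.amount <= 0) {
        return { accept: false, reason: "bad-amount" };
    }
    return { accept: true, reason: "trx-transfer", amountSun: value.amount };
}

// Constructed sample page of transactions for exercising the filter.
const mk = (type, value) => ({
    raw_data: { contract: [{ type, parameter: { value } }] },
});
const samplePage = [
    mk("TransferContract", { amount: 5000000, to_address: DEPOSIT_ADDRESS }),
    mk("TransferAssetContract",
        { asset_name: "1000001", amount: 5000000, to_address: DEPOSIT_ADDRESS }),
    mk("TransferContract", { amount: 5000000, to_address: "TSomeoneElse" }),
    mk("TransferContract", { amount: "5000000", to_address: DEPOSIT_ADDRESS }),
    { raw_data: {} },
];
const results = samplePage.map((tx) => classifyDeposit(tx));
for (const r of results) console.log(r.accept ? "ACCEPT" : "SKIP", r.reason);
```

Logging the reason string for every skipped transaction keeps the traceability described above while making each rejection cause distinguishable.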


Steem to the Moon🚀!


🤖 @justyy - wonderful content as always! 🌈 🚀


Hey friend! 🎉 Come check out your awesome post on my shiny new front-end! It's still a work in progress but I'd love to hear what you think! View your post here
