
Notes by Web3SafetyOfficer

See how they make token scams and steal people's assets and funds at the right time.

In the transferFrom function, a superOperator is able to bypass the check for a sufficient allowance. As a result, this person can transfer the funds of all users to any address without having enough allowance.

```
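// The allowance is checked only when the caller is not `from`,
// not a superOperator and not `_operator`.
if (_msgSender() != from && !_superOperators[_msgSender()] && _msgSender() != _operator) {
    uint256 currentAllowance = _allowances[from][_msgSender()];
    // ~uint256(0) is the maximum value: treated as unlimited and never decremented.
    if (currentAllowance != ~uint256(0)) {
        require(currentAllowance >= amount, "NOT_AUTHORIZED_ALLOWANCE");
        _allowances[from][_msgSender()] = currentAllowance - amount;
    }
}
// Privileged callers reach this line with no allowance check at all.
_transfer(from, to, amount);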
```
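For comparison when reviewing a token, here is an added example (not code from the token discussed above) of a minimal contract whose transferFrom has no privileged bypass: only an approval given by `from` can authorize someone else to move funds. The contract name `StrictAllowanceToken` and the `ZERO_ADDRESS` and `INSUFFICIENT_BALANCE` strings are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example; contract name and extra error strings are assumptions.
contract StrictAllowanceToken {
    mapping(address => uint256) private _balances;
    mapping(address => mapping(address => uint256)) private _allowances;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);
    constructor(uint256 supply) {
        _balances[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply);
    }

    function balanceOf(address a) external view returns (uint256) { return _balances[a]; }
    function allowance(address o, address s) external view returns (uint256) { return _allowances[o][s]; }

    function approve(address spender, uint256 amount) external returns (bool) {
        _allowances[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _transfer(msg.sender, to, amount);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        // No operator or superOperator exemption: every third-party spend needs an allowance.
        if (msg.sender != from) {
            uint256 currentAllowance = _allowances[from][msg.sender];
            if (currentAllowance != type(uint256).max) { // unlimited approval is not decremented
                require(currentAllowance >= amount, "NOT_AUTHORIZED_ALLOWANCE");
                _allowances[from][msg.sender] = currentAllowance - amount;
            }
        }
        _transfer(from, to, amount);
        return true;
    }

    function _transfer(address from, address to, uint256 amount) internal {
        require(to != address(0), "ZERO_ADDRESS");
        require(_balances[from] >= amount, "INSUFFICIENT_BALANCE");
        _balances[from] -= amount;
        _balances[to] += amount;
        emit Transfer(from, to, amount);
    }
}
```

When reading an unfamiliar token, any extra term in the `if` that guards the allowance check, such as a role mapping or a stored address, is a caller who can spend without approval.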