Asterix Attack Shares Similarities with Flooring Protocol and BMP Vulnerabilities

The Asterix attack resembles the attacks on Flooring Protocol and BMP, involving overflow and reuse caused by shifting of high-order NFT ID bits. An attacker stole approximately 30 ETH through 242 transactions. The vulnerability arose from missing validation checks on token ID approvals in an early version of DN404, which allowed repeated ETH extraction. The team advises users to stop interacting with the current pool and plans to migrate to a secure token deployment.

ChainCatcher report: Yu Xian, founder of SlowMist, posted that the attack on Asterix is similar to yesterday’s attacks on Flooring Protocol and BMP (underlying protocols DN404 and BT404, respectively), involving overflow and reuse caused by shifting of high-order NFT ID bits. It appears the attacker is seeking common vulnerabilities.

It is reported that Asterix disclosed an attack yesterday affecting its ASTX token contract, stating that its Uniswap v4 liquidity pool was compromised on June 8. The attacker stole approximately 30 ETH through 242 transactions. The vulnerability stemmed from the early version of DN404 lacking proper validation checks on token ID approvals during approval operations. The attacker exploited outdated token approvals to repeatedly sell tokens within the pool for ETH, then used forged IDs to withdraw equivalent token amounts, creating a cycle that eventually drained all funds.

As smart contracts are immutable and cannot be patched, the team advises users to cease all interactions with the current pool and token, and is planning a migration to a secure token deployment. The team suspects the attacker used a jailbroken AI tool to perform fuzz testing and uncover non-standard logic paths.
