On April 13, BlockSec Phalcon disclosed a MMR proof replay vulnerability in the HandlerV1 contract managed by Hyperbridge on the Ethereum network, resulting in approximately $242,000 in losses. The vulnerability stemmed from the lack of binding between proofs and requests, allowing attackers to replay historical valid proofs and forge requests to alter administrator permissions, thereby minting additional DOT and ARGN tokens for profit. The related attack transactions included approximately $237,400 in losses from DOT minting and about $3,800 in losses from ARGN minting. The vulnerability was discovered and analyzed by PhalconSecurity.
Hyperbridge Contract Vulnerability Causes $242,000 Loss
AiCoinShare
Summary
A smart contract vulnerability in Hyperbridge’s HandlerV1 contract on Ethereum resulted in a $242,000 loss on April 13. BlockSec Phalcon identified an MMR proof replay flaw that enabled attackers to reuse valid proofs to forge admin requests and mint additional DOT and ARGN tokens. The breach involved losses of $237,400 in DOT and $3,800 in ARGN. Contract security firm PhalconSecurity discovered and analyzed the issue, which allowed attackers to exploit smart contract vulnerabilities for financial gain.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.