Home
News
Details
source avatarSlowMist

Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ETH
$2,313.340.76%
This is the logo of the coin.
USDC
$0.9999-0.01%
This is the logo of the coin.
WBTC
$79,682.10-0.44%

🚨SlowMist TI Alert🚨 💸 Loss: ~1,291.16 ETH + ~1,268,771 USDC + ~206,282 USDT + ~16.94 WBTC @trustedvolumes 🔍 Root Cause: In fillOrder function (selector 0x4112e1c2) of RFQ Implementation, signature validation checks _allowedSigners[msg.sender][signer] using caller (taker) instead of order's maker as key, allowing registration via registerAllowedOrderSigner for attack contract and execution of forged orders for any maker. 📌 Attacker EOA: 0xc3ebddea4f69df717a8f5c89e7cf20c1c0389100 📌 Victim Contract: 0x9ba0cf1588e1dfa905ec948f7fe5104dd40eda31 📌 Vulnerable Contract: 0x88eb28009351fb414a5746f5d8ca91cdc02760d8 Attacker drained assets from custodial contract with unlimited approvals via 4 forged RFQ orders.

No.0 picture
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.