🚨SlowMist TI Alert🚨

💸 Loss: 14.411518807585587 ETH

🔍 Root Cause: Storage slot collision between `ATOHook.rewards` mapping slot and Solady `ReentrancyGuard` fixed slot (`0x02215292eb9609279094554c6e223f800950648ddfa3da30329838d6c170928d`). The `nonReentrant` modifier in `getReward()` writes sentinel value `0xffffffffffffff` to the guard slot, which is simultaneously read as `rewards[attackContract]` due to the collision. This inflated reward is paid as ETH each call, allowing 200 repeated claims.

📌 Attacker (EOA): 0x2d2aafc193c24e59bd16139056ac9b4df4d37ad0
📌 Victim Contract: 0xa10de71ddb4e0d51938ef6e0118822e157a62888
📌 Attack Contract: 0x2441e480f62bf609a08da09143e4baf8a817d757

Storage collision between reward accounting and reentrancy guard enables unlimited reward drainage.

Powered by #SlowMist.AI https://t.co/vzW3aa8pnH
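A simplified storage model of the collision described in the alert, with a layout check a reviewer could run, added here as an example (not SlowMist's or the contract's code). Assumptions: `HookModel`, `derived_slot`, `colliding_slot`, `total_paid` and `accounts_on_guard_slot` are hypothetical names, SHA-256 stands in for keccak256, the guard's exit value and the zeroing of the claimed reward are assumed, and how the two slots came to coincide is not modelled.

```python
import hashlib

# Values quoted in the alert.
GUARD_SLOT = 0x02215292eb9609279094554c6e223f800950648ddfa3da30329838d6c170928d
SENTINEL = 0xffffffffffffff
ATTACK_CONTRACT = 0x2441e480f62bf609a08da09143e4baf8a817d757
UNLOCKED = 0  # assumption: value the guard restores on exit


def derived_slot(account, base_slot=7):
    """Collision-free layout: hash-derived mapping slot.
    SHA-256 stands in for keccak256; base_slot is a constructed value."""
    data = account.to_bytes(32, "big") + base_slot.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def colliding_slot(account):
    """Layout as the alert describes it: the attack contract's rewards
    entry resolves to the guard slot."""
    return GUARD_SLOT if account == ATTACK_CONTRACT else derived_slot(account)


class HookModel:
    def __init__(self, rewards_slot_of):
        self.storage = {}
        self.rewards_slot_of = rewards_slot_of

    def get_reward(self, caller):
        if self.storage.get(GUARD_SLOT, UNLOCKED) == SENTINEL:
            raise RuntimeError("reentrant call")
        self.storage[GUARD_SLOT] = SENTINEL      # nonReentrant entry
        slot = self.rewards_slot_of(caller)
        amount = self.storage.get(slot, 0)       # rewards[caller]
        self.storage[slot] = 0                   # reward marked as claimed
        self.storage[GUARD_SLOT] = UNLOCKED      # nonReentrant exit
        return amount                            # wei paid out


def total_paid(rewards_slot_of, caller, calls):
    """Sum of payouts over repeated get_reward() calls on a fresh model."""
    hook = HookModel(rewards_slot_of)
    return sum(hook.get_reward(caller) for _ in range(calls))


def accounts_on_guard_slot(rewards_slot_of, accounts):
    """Layout check: accounts whose rewards entry shares the guard slot."""
    return [a for a in accounts if rewards_slot_of(a) == GUARD_SLOT]
```

In this model, 200 calls at one sentinel value each total 14411518807585587000 wei, which matches the 14.411518807585587 ETH loss stated in the alert.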

