Binance Square
Αρχική σελίδα
Ειδοποίηση
Προφίλ
Δημοφιλέστερα άρθρα
Νέα
Κέντρο δημιουργού
Ρυθμίσεις
LIVE
LIVE
kaymyg
--6 views
Via #AnciliaAlerts on X, @rugged_dot_art has identified a re-entrancy #vulnerability in a smart contract with address 0x9733303117504c146a4e22261f2685ddb79780ef, allowing an attacker to #exploit it and gain 11 #ETH . The attack transaction can be traced on #Etherscan at https://etherscan.io/tx/0x5a63da39b5b83fccdd825fed0226f330f802e995b8e49e19fbdd246876c67e1f. Despite reaching out to the owner three days ago, there has been no response. The vulnerability resides in the targetedPurchase() function, where a user can input arbitrary swapParams, including commands to 4. This triggers the UNIVERSAL_ROUTER.execute() function, and as per Uniswap Technical Reference, command 4 corresponds to SWEEP, invoking the sweep() function. This function sends ETH back to the user's contract, leading to a re-entrancy issue. Within targetedPurchase(), a balance check is performed before and after calling _executeSwap(). Due to the re-entrancy problem, a user can stake tokens (e.g., from a flashloan) to satisfy the balance check, ensuring a successful purchase action where tokens are transferred to the user. The urgency of the situation is underscored by the ongoing waiting period for the owner's response, emphasizing the need for prompt attention to mitigate potential exploitation.

Via #AnciliaAlerts on X, @rugged_dot_art has identified a re-entrancy #vulnerability in a smart contract with address 0x9733303117504c146a4e22261f2685ddb79780ef, allowing an attacker to #exploit it and gain 11 #ETH . The attack transaction can be traced on #Etherscan at https://etherscan.io/tx/0x5a63da39b5b83fccdd825fed0226f330f802e995b8e49e19fbdd246876c67e1f. Despite reaching out to the owner three days ago, there has been no response.

The vulnerability resides in the targetedPurchase() function, where a user can input arbitrary swapParams, including commands to 4. This triggers the UNIVERSAL_ROUTER.execute() function, and as per Uniswap Technical Reference, command 4 corresponds to SWEEP, invoking the sweep() function. This function sends ETH back to the user's contract, leading to a re-entrancy issue.

Within targetedPurchase(), a balance check is performed before and after calling _executeSwap(). Due to the re-entrancy problem, a user can stake tokens (e.g., from a flashloan) to satisfy the balance check, ensuring a successful purchase action where tokens are transferred to the user. The urgency of the situation is underscored by the ongoing waiting period for the owner's response, emphasizing the need for prompt attention to mitigate potential exploitation.

Αποποίηση ευθυνών: Περιλαμβάνει γνώμες τρίτων. Δεν είναι οικονομική συμβουλή. Δείτε τους Όρους και προϋποθέσεις.
0
Σχετικός δημιουργός
LIVE
kaymyg
@kaymyg

Ανακαλύψτε περισσότερα από τον Δημιουργό

(@ai_9684xtpa ) In 2015, the address participating in the ETH ICO deposited 1,996 MKR to #Binance 20 hours ago, worth $6.69 million. This address has transferred a total of 7,495 #MKR to Binance in the past week, with a total value of 24.36 million US dollars; its $MKR cost is approximately $1,385, and if all sold, it will make a profit of 13.98 million US dollars This address received 57413.8 pieces $ETH (0X6C0E712F405C59725FE829E9774BF4DF7F4DD965 ) during the #EthereumICO period
--
(sources still being authenticated) #NilamResources , a South American #gold mining company, has announced its plans to acquire 24,800 #Bitcoin valued at approximately $1.7 billion, through a press release dated March 26. $BTC
--
(lookonchain) If you don’t know how to snipe a coin, buying immediately after it opens trading is very dangerous! This guy lost 721 $SOL($138K) in just 35 mins! He withdrew 1,535 $SOL from #Binance before $PUNDU opened trading. But until 2 minutes after the trading opened, he bought #PUNDU with 1,485 $SOL. The price quickly dropped due to sniper selling and he sold all $PUNDU to get back only 764 $SOL
--
(Greekslive) The $70,000 is very hotly contested, and the end of the month is a huge amount of options to be delivered, with the $70,000 call currently holding the second largest options contract. Repeated crossings of $70,000 can expose option sellers to large Gamma losses. In the period approaching delivery, market makers and institutions will look forward to less volatility, which is more favourable for large-scale position shifting and risk hedging, but in the current tightrope like market, this wish may be difficult to achieve. $BTC #BTC🔥🔥🔥🔥
--
(lookonchain) In less than 20 mins, this sniper earned 21,657 #SOL ($4.1M) on #PUNDU . 😱 He spent 17,285 $SOL($3.3M) to buy 86.34M $PUNDU in the same block where the #PUNDU deployer added liquidity. Then he sold all $PUNDU for 38,942 $SOL($7.4M) within 20 mins.
--

Τελευταία νέα

AI Security Platform Rug.ai Raises $1.1 Million in Pre-Seed Funding Round
--
NFT Collector Pranksy Destroys 50 Million Poopcoins Worth $730,000
--
Binance Market Update (2024-03-31)
--
AltLayer Token Staking Value Surpasses $45 Million
--
UK's FCA Releases Guidelines for Memecoin Influencers and Financial Services Firms
--
Προβολή περισσότερων
Χάρτης τοποθεσίας
Cookie Preferences
Όροι και Προϋπ. της πλατφόρμας
Χάρτης τοποθεσίας
Όροι και Προϋπ. της πλατφόρμας
ba-one-trust-cookie