Flash Loan Attack Drains 500K USD From CloberDEX on Base

2024/12/26 09:05

Recently, an on-chain attack was detected against CloberDEX, a project on Base. The attacker gained about 133 ETH, or about 500,000 USD, through this attack.

The attacked project is CloberDEX. Its main functions are: open, which creates a new trading pool containing the pairs A to B and B to A, each with a preset trading strategy; mint, which adds liquidity to a pair and returns LP tokens; and burn, which destroys LP tokens to withdraw the corresponding assets.

Let's take a look at the attack process:

First, the attacker borrowed 267 WETH from Morpho Blue using a flash loan.

Then the attacker used open to create two trading pairs on CloberDEX, Token/WETH and WETH/Token, where Token is a contract deployed by the attacker.

Next, the attacker used mint to deposit 267 WETH and 267 Token into the newly opened pair, adding liquidity and receiving LP tokens.

So far there is nothing wrong. Finally, the attacker called burn to destroy the LP tokens just obtained. Let's look at the implementation of burn:

Control flow goes to the lock function. Likewise, let's look at the implementation of lock:

As you can see, the lock function passes bytes calldata data to the lockAcquired function. Let's continue with the implementation of that function.

We find this line of code:

The function called here is determined by data: its first four bytes are the function selector of _burn, so burn essentially calls _burn.

_burn in turn calls pool.strategy.burnHook(msg.sender, key, burnAmount, supply), and the update of the pool's reserves only comes after this call. This is where the problem lies: the address of the strategy contract for the pool belonging to the trading pair is controlled by the attacker, who set it to their own attack contract: 0x32fb1bedd95bf78ca2c6943ae5aeaeaafc0d97c1.

When execution reaches the attack contract's burnHook, it calls burn again, completing the reentrancy attack.

Through this vulnerability the attacker withdrew 264 WETH and 133 WETH from the CloberDEX contract, and after repaying the flash loan was left with a profit of 133.7 ETH, about 500,000 USD.

The root cause is that the CloberDEX contract had no reentrancy check or guard in the code paths for obtaining and destroying LP tokens, and updated its state variables only after making an external call; the attacker used this reentrancy to drain the project's WETH. The project team is advised to have the economic model, price calculation mechanism and code logic verified by multiple parties during design, and to have the contract cross-audited by several audit firms before it goes live.
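To make the ordering bug concrete, here is an added Python model (not CloberDEX's or the attacker's code) of a pool whose burn debits its reserves only after the strategy hook runs, next to a guarded variant that updates state before the external call and holds a reentrancy lock. The LP balances, account names and hook interface are constructed assumptions, not the real contract's.

```python
# Added model of the article's ordering bug (not CloberDEX code): the vulnerable
# pool debits reserves only after the strategy hook runs; the guarded pool does not.
class Revert(Exception):
    pass  # stands in for a Solidity revert (the whole transaction is discarded)

class Pool:
    def __init__(self, guarded, strategy=None):
        self.guarded = guarded         # True: effects before the call, plus lock
        self.strategy = strategy       # attacker-controllable in the incident
        self.lp = {"honest": 100, "attacker": 200}  # constructed LP balances
        self.reserve = self.lp_supply = 300         # WETH held by the pool
        self.paid = {"honest": 0, "attacker": 0}    # WETH paid out per account
        self._locked = False

    def burn(self, who, lp_amount):
        if self.guarded and self._locked:
            raise Revert("reentrant burn")
        self._locked = True
        if self.lp[who] < lp_amount:
            raise Revert("insufficient LP")
        out = self.reserve * lp_amount // self.lp_supply  # pro-rata share
        self.lp[who] -= lp_amount
        self.lp_supply -= lp_amount
        if self.guarded:
            self.reserve -= out  # effect before the external call
        if self.strategy:
            self.strategy.burn_hook(self, who, lp_amount)  # external call
        if not self.guarded:
            self.reserve -= out  # vulnerable: effect after the external call
        self.paid[who] += out
        self._locked = False
        return out

class ReentrantStrategy:
    """Attacker-controlled hook: re-enters burn once with the LP still held."""
    def __init__(self):
        self.reentered = False
    def burn_hook(self, pool, who, lp_amount):
        if not self.reentered and pool.lp[who] >= lp_amount:
            self.reentered = True
            pool.burn(who, lp_amount)

def run(guarded, strategy=None):
    """Attacker burns 100 LP; returns (WETH paid, WETH left) or ("reverted", why)."""
    pool = Pool(guarded, strategy)
    try:
        pool.burn("attacker", 100)
    except Revert as e:
        return ("reverted", str(e))
    return pool.paid["attacker"], pool.reserve
```

In the vulnerable ordering the re-entrant call is priced against the untouched 300 WETH reserve, so the attacker is paid 250 WETH for 200 LP that backed only 200, leaving the honest depositor's 100 LP backed by 50 WETH. The guarded pool rejects the re-entrant call and the whole transaction reverts.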

Disclaimer: info@kdj.com

The information provided is not trading advice. kdj.com accepts no responsibility for any investment made on the basis of the information in this article. Cryptocurrencies are highly volatile, so we strongly recommend that you do thorough research and invest cautiously.

If you believe that content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will remove it promptly.
