Casper 網路因攻擊而暫停後於 7 月 26 日恢復運營

Casper 網路因 7 月 26 日的攻擊而中斷幾天後現已恢復運作。

On 26 July, an attacker managed to conduct illicit transactions on the Casper network before the core team noticed suspicious activity and halted the network. The attacker was able to transfer tokens due to a vulnerability that allowed a contract installer to bypass the access rights check on urefs. This enabled the attacker to grant the contract access to uref based resources, escalating their privileges and allowing them to transfer tokens illicitly.

7 月 26 日，在核心團隊發現可疑活動並停止網路之前，攻擊者設法在 Casper 網路上進行非法交易。由於存在允許合約安裝程式繞過 urefs 存取權限檢查的漏洞，攻擊者能夠轉移代幣。這使得攻擊者能夠授予合約存取基於 uref 的資源的權限，從而提升他們的權限並允許他們非法轉移代幣。

The core team identified the vulnerability and offered a fix, which validators had to manually update. After updating their nodes, validators scanned the entire chain for illicit transactions from its genesis block. 64 Casper validators, representing 85% of the CSPR tokens staked in the network, unanimously agreed to restart the network. As the network kicked off again, two blocks consisting of four transactions that led to the attack were orphaned. A total of 13 wallets were affected by the attack, with the Casper team making them whole in the wake of the breach.

核心團隊識別了該漏洞並提供了修復程序，驗證者必須手動更新該修復程序。更新節點後，驗證者從創世區塊掃描整個鏈以查找非法交易。 64 位 Casper 驗證者（代表網路中質押的 CSPR 代幣的 85%）一致同意重啟網路。當網路再次啟動時，由導致攻擊的四筆交易組成的兩個區塊被孤立。共有 13 個錢包受到此次攻擊的影響，Casper 團隊在漏洞發生後將其全部恢復。