Casper 网络因攻击而暂停后于 7 月 26 日恢复运营

Casper 网络因 7 月 26 日的攻击而中断几天后现已恢复运行。

On 26 July, an attacker managed to conduct illicit transactions on the Casper network before the core team noticed suspicious activity and halted the network. The attacker was able to transfer tokens due to a vulnerability that allowed a contract installer to bypass the access rights check on urefs. This enabled the attacker to grant the contract access to uref based resources, escalating their privileges and allowing them to transfer tokens illicitly.

7 月 26 日，在核心团队发现可疑活动并停止网络之前，攻击者设法在 Casper 网络上进行非法交易。由于存在允许合约安装程序绕过 urefs 访问权限检查的漏洞，攻击者能够转移代币。这使得攻击者能够授予合约访问基于 uref 的资源的权限，从而提升他们的权限并允许他们非法转移代币。

The core team identified the vulnerability and offered a fix, which validators had to manually update. After updating their nodes, validators scanned the entire chain for illicit transactions from its genesis block. 64 Casper validators, representing 85% of the CSPR tokens staked in the network, unanimously agreed to restart the network. As the network kicked off again, two blocks consisting of four transactions that led to the attack were orphaned. A total of 13 wallets were affected by the attack, with the Casper team making them whole in the wake of the breach.

核心团队识别了该漏洞并提供了修复程序，验证者必须手动更新该修复程序。更新节点后，验证者从创世块扫描整个链以查找非法交易。 64 位 Casper 验证者（代表网络中质押的 CSPR 代币的 85%）一致同意重启网络。当网络再次启动时，由导致攻击的四笔交易组成的两个区块被孤立。共有 13 个钱包受到此次攻击的影响，Casper 团队在漏洞发生后将其全部恢复。