Chengdu Lianan: Attacker maliciously set the callTo address to a token contract address and called the transferFrom function to transfer tokens

 2 years ago
source link: https://www.ccvalue.cn/article/1394643.html

 •  21 hours ago

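Regarding the incident "DEX aggregation protocol Li.Finance attacked by hackers", the Chengdu Lianan team's analysis found that the swapAndStartBridgeTokensViaCBridge function in the attacked Li.Finance contract is vulnerable to a call injection attack: by constructing malicious data (_swapData), a caller can control the parameters of the call invocation. In this attack, the attacker maliciously set the callTo address to the corresponding token contract address and called that token contract's transferFrom function to transfer away the victim addresses' tokens. According to earlier reports, the DEX aggregation protocol Li.Finance announced that its smart contract had a potential vulnerability, was under attack by hackers, and had disabled all trading functions. The vulnerability has now been fixed. The attacker stole about 600,000 US dollars from 29 wallets.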
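The check that would catch this pattern, as an added example (not Li.Finance's or Chengdu Lianan's code): screen each caller-supplied swap step before it reaches a low-level call. The `SwapStep` fields, the allowlist sets and all addresses are assumptions constructed for illustration; only `callTo`, `_swapData` and `transferFrom` come from the report.

```python
from dataclasses import dataclass

# Well-known ERC-20 selector for transferFrom(address,address,uint256).
TRANSFER_FROM = bytes.fromhex("23b872dd")

@dataclass
class SwapStep:
    call_to: str      # target of the low-level call (hypothetical field name)
    call_data: bytes  # raw calldata forwarded to call_to

def _addr(word: bytes) -> str:
    """Decode an address stored right-aligned in a 32-byte ABI word."""
    return "0x" + word[12:].hex()

def _pad(addr: str) -> bytes:
    """ABI-encode an address as a left-padded 32-byte word."""
    return bytes(12) + bytes.fromhex(addr[2:])

def screen_step(step, sender, allowed_targets, token_contracts):
    """Return findings for one swap step; an empty list means it passed."""
    findings = []
    target = step.call_to.lower()
    if target not in allowed_targets:
        findings.append("callTo is not an allowlisted exchange")
    if target in token_contracts:
        findings.append("callTo is a token contract")
    data = step.call_data
    # A transferFrom whose owner is not the caller spends a third party's approval.
    if data[:4] == TRANSFER_FROM and len(data) >= 4 + 3 * 32:
        owner = _addr(data[4:36])
        if owner != sender.lower():
            findings.append(f"transferFrom moves tokens of third party {owner}")
    return findings

# Constructed sample values, not taken from the incident.
ROUTER = "0x" + "aa" * 20   # allowlisted exchange
TOKEN = "0x" + "bb" * 20    # ERC-20 token contract
SENDER = "0x" + "11" * 20   # account submitting the swap
VICTIM = "0x" + "22" * 20   # account that approved the aggregator

MALICIOUS = SwapStep(TOKEN, TRANSFER_FROM + _pad(VICTIM) + _pad(SENDER)
                     + (1000).to_bytes(32, "big"))
BENIGN = SwapStep(ROUTER, bytes.fromhex("12345678") + bytes(64))

if __name__ == "__main__":
    for name, step in (("malicious", MALICIOUS), ("benign", BENIGN)):
        print(name, screen_step(step, SENDER, {ROUTER}, {TOKEN}))
```

The same rule belongs on-chain: restricting `callTo` to an allowlist of exchange contracts inside the swap function removes the caller's control over the call target.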

