Superfluid_HQ hack analysis
2022-07-06 01:18:00 【Know Chuangyu blockchain Security Laboratory】
Preface
On February 8, 2022, the Know Chuangyu Blockchain Security Lab detected that the Ethereum DeFi protocol Superfluid had been attacked by hackers, with losses exceeding 13 million US dollars. The lab tracked and analyzed the incident immediately.
Basic information about the attack
Superfluid: 0xEBbe9a6688be25d058C9469Ee4807E5eF192897f
Attack transaction hash: 0x396b6ee91216cf6e7c89f0c6044dfc97e84647f5007a658ca899040471ab4d67
Attacker address: 0x1574F7F4C9d3aCa2EbcE918e5d19d18aE853c090
Attack contract address: 0x32D47ba0aFfC9569298d4598f7Bf8348Ce8DA6D4
Vulnerability analysis
The core of the vulnerability
The core of this vulnerability lies in the function callAgreement. This function mainly provides a data structure named "ctx", which is used to share data between agreements. The attacker in this incident forged the "ctx" data in order to deceive the contract.
Exploit
Why does the fake data get used, and how did the attacker construct the fake "ctx"?
From the transaction we can see that the attacker passed a fake "ctx" directly at the end of callData. The real "ctx" is still constructed, but the program packs callData and the "ctx" into a single object, and when the agreement decodes that object, the ABI decoder processes only the data at the front and ignores the data at the back.
Building a fake "ctx" is not complicated: because the end of the "ctx" structure is all zeros, we only need to imitate the "ctx" structure and add it directly to userData. The following is an official example of how to build a fake "ctx":
Summary
This attack stems from unconditional trust in the source of data during protocol data processing. User-supplied data should be identified and distinguished from data constructed by the protocol itself. Contract vulnerabilities and security incidents have been occurring frequently of late, so contract audits, risk-control measures, and emergency response plans are all necessary.
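The decoding behaviour described under "Exploit" and the check the summary calls for can be modelled in a few lines. This is an added example, not the official example the article mentions and not Superfluid's code: the two-argument layout `(uint256 amount, bytes ctx)`, the names `Host`, `call_agreement`, `is_ctx_valid` and `agreement`, the ctx contents, and SHA-256 standing in for keccak256 are all assumptions made for illustration.

```python
import hashlib

WORD = 32

def word(n: int) -> bytes:
    return n.to_bytes(WORD, "big")

def enc_bytes(b: bytes) -> bytes:
    """ABI tail of a dynamic `bytes`: length word, then data padded to 32 bytes."""
    return word(len(b)) + b + b"\x00" * (-len(b) % WORD)

def decode_call(data: bytes):
    """Decode (uint256 amount, bytes ctx): follow the ctx offset, ignore anything after."""
    amount = int.from_bytes(data[:WORD], "big")
    off = int.from_bytes(data[WORD:2 * WORD], "big")
    n = int.from_bytes(data[off:off + WORD], "big")
    return amount, data[off + WORD:off + WORD + n]

class Host:
    """Toy host (assumption): builds ctx itself and appends it to caller-supplied callData."""
    def call_agreement(self, call_data: bytes, sender: bytes) -> bytes:
        ctx = b"msgSender=" + sender
        self.ctx_stamp = hashlib.sha256(ctx).digest()  # stand-in for keccak256
        return call_data + enc_bytes(ctx)

    def is_ctx_valid(self, ctx: bytes) -> bool:
        return hashlib.sha256(ctx).digest() == self.ctx_stamp

def agreement(host: Host, data: bytes, check: bool):
    """Toy agreement: with check=True, accept only the ctx the host stamped."""
    amount, ctx = decode_call(data)
    if check and not host.is_ctx_valid(ctx):
        raise ValueError("ctx was not built by the host")
    return amount, ctx

# Constructed inputs. In both, the ctx offset (64) points just past the two head words.
HONEST = word(5) + word(2 * WORD)            # host-appended ctx lands at offset 64
CRAFTED = HONEST + enc_bytes(b"msgSender=victim")  # ctx-shaped blob already at offset 64

def run(call_data: bytes, sender: bytes, check: bool):
    host = Host()
    return agreement(host, host.call_agreement(call_data, sender), check)

if __name__ == "__main__":
    print(run(HONEST, b"alice", True))     # host ctx decoded and accepted
    print(run(CRAFTED, b"mallory", False))  # front blob decoded, appended ctx ignored
    try:
        run(CRAFTED, b"mallory", True)
    except ValueError as e:
        print("rejected:", e)
```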