7*24

Hot topic

Market

Activities

HTX DAO ile ortaklık kuran HTX, 1 Mayıs 2024 tarihinde TRON ağındaki TRX ve USDT sahipleri için $HTX airdropunuzun kilidini açmak için görevlerin 2. turunu başlatacak. Mega ödülleri şimdi alın!

Git>>

【TRON Network Kullanıcılarına Mega $HTX Airdropları】HTX DAO ile ortaklık kuran HTX, 1 Mayıs 2024 tarihinde TRON ağındaki TRX ve USDT sahipleri için $HTX airdropunuzun kilidini açmak için görevlerin 2. turunu başlatacak. Mega ödülleri şimdi alın!

TRON Network Kullanıcılarına Mega $HTX Airdropları

HTX DAO ile ortaklık kuran HTX, TRON ağındaki TRX ve USDT sahipleri için $HTX airdropunuzun kilidini açabileceğiniz ilk tur görevlerini başlatacak. Mega ödüller için şimdi görüntüleyin.

【TRON Network Kullanıcılarına: $HTX Airdropunuzun Kilidini Şimdi Açın】HTX DAO ile ortaklık kuran HTX, TRON ağındaki TRX ve USDT sahipleri için $HTX airdropunuzun kilidini açabileceğiniz ilk tur görevlerini başlatacak. Mega ödüller için şimdi görüntüleyin.

TRON Network Kullanıcılarına: $HTX Airdropunuzun Kilidini Şimdi Açın

According to the SlowMist, on December 25, 2022, the Rubic cross-chain aggregator project was attacked, resulting in the theft of USDC from user accounts. The Slow Fog security team shared the following in a newsletter.
1. Rubic is a DEX cross-chain aggregator that allows users to exchange Native Token via the routerCallNative function in the RubicProxy contract. Before the exchange, it checks whether the target Router to be called is in the whitelist of the protocol. 2.
After the whitelist check, the target Router is called and the call data is passed in externally by the user. 3.
Unfortunately USDC is also added to the Rubic protocol's Router whitelist, so any user can invoke USDC at will via the RubicProxy contract. 4.
The malicious user exploits this issue by calling the USDC contract via the routerCallNative function to transfer USDC from a user who has authorized the RubicProxy contract to the malicious user's account via the transferFrom interface.
The root cause of this attack is that the Rubic protocol incorrectly adds USDCs to the Router whitelist, resulting in the theft of USDCs from users who have authorised the RubicProxy contract.

Detail

【SlowMist: Rubic protocol wrongly adds USDC to Router whitelist】According to the SlowMist, on December 25, 2022, the Rubic cross-chain aggregator project was attacked, resulting in the theft of USDC from user accounts. The Slow Fog security team shared the following in a newsletter.
1. Rubic is a DEX cross-chain aggregator that allows users to exchange Native Token via the routerCallNative function in the RubicProxy contract. Before the exchange, it checks whether the target Router to be called is in the whitelist of the protocol. 2.
After the whitelist check, the target Router is called and the call data is passed in externally by the user. 3.
Unfortunately USDC is also added to the Rubic protocol's Router whitelist, so any user can invoke USDC at will via the RubicProxy contract. 4.
The malicious user exploits this issue by calling the USDC contract via the routerCallNative function to transfer USDC from a user who has authorized the RubicProxy contract to the malicious user's account via the transferFrom interface.
The root cause of this attack is that the Rubic protocol incorrectly adds USDCs to the Router whitelist, resulting in the theft of USDCs from users who have authorised the RubicProxy contract.

SlowMist: Rubic protocol wrongly adds USDC to Router whitelist

Anthropic Founder's Handbook: How to Build an AI-Native Company!

XRP Ledger Hard Fork In 8 Days? Upgrade Deadline Sparks Network Split Debate

As Presale Funding Nears $7.2 Million, Ozak AI’s Early Pricing Window Begins to Narrow

Market Expert Updates XRP Roadmap To $300 With New Data

$50 Million Funding Ignites Airdrop Anticipation, Variational Becomes New Focus of Perp DEX

Musk Posted a Recruitment Ad for SpaceX, and After Reading the Comments Section, I Understood

XRP Has Overtaken Solana And Ethereum In This Major Metric

Cloudflare CEO: How I Decided Which Employees to Replace with AI?

Secures Over $60 Million in Funding from Dragonfly, Sequoia, and Others. An In-Depth Look at the On-Chain Derivatives Protocol Variational | CryptoSeed

Warsh's First Day in Office, Markets Deliver a 'Wake-up Call': Rate Hike Expected This Year

Article

bill currently trades at 0.116971 USDT, up 21.90% in 24h, according to HTX market data.

zest soared to 0.186237 USDT, a new high with a 24-hour increase of 14.78%. It currently trades at 0.180202 USDT on HTX.

Shanghai and Shenzhen Markets Total Trading Volume Reaches 32,057.3 Billion Yuan, SMIC Leads in Trading Volume

Trump Publicly Praises Micron, Speculation of Aggressive Call Option Purchases

BlackRock Analyst: Fed Likely to Support a Rate Cut Under Waller's Leadership

Bhutan Transfers $2.37 Billion in Bitcoin This Year, Recently Moves 90 BTC to Segwit Address

Trump: Agreement with Iran Will Either Be Great or There Will Be No Agreement

Trade XYZ Acquires MINIMAX Code for 500 HYPE, Potential Launch of MINIMAX Perpetual Contracts

BlackRock Sold $1 Billion in Bitcoin Last Week

genius soared to 0.7435 USDT, a new high with a 24-hour increase of -4.92%. It currently trades at 0.6763 USDT on HTX.

News

Tariffs Crash Crypto

Share Your HTX Earn Strategies and Earnings

Claim1,200 USDT in the Monthly Creation Challenge

Hit March's Interaction Leaderboard

Share Your Thoughts on Popular Assets in March

Share Crypto Stories to Win 400 USDT

Contest for HTX Community's Most Popular Post

Post To Earn Bonus

Share Your Thoughts on Popular Assets in June

Check In to Win a 20g Gold Bar

Topic

Special

Post

BILL: Human-AI Collaboration Network

ZEST: Bitcoin Lending Protocol

ATWO: Fans Vote to Change Live Outcomes

HTXSquare: Global Markets After Trump China Visit

Grab Your Share of the 300 USDT Prize Pool!

TWT: Trust Wallet Ecosystem Token

BTC Shakes at $80K—Up or Down?

Everything Can Be Huobao

MEGA: Real-Time Execution Layer for Ethereum

$110K Spring Airdrop Rain—18 Days Straight!

HTX  Creation Challenge — Post and Win 1,500U 💥

Rain: Uniswap for Predictions on Arbitrum

MU: Top Memory Chip Maker 

Orca: Top AMM DEX on Solana

ZBT: Real-Time ZK Prover Network

BLEND: Multi-Language L2 Rollup

Genius: First Private On-Chain Terminal

BIO: DeSci Governance & Liquidity

CHIP: Yield-Bearing Synthetic Stablecoin

CC: Institutional Privacy L1

Recommend

Follow

Articles

Community

SlowMist: Rubic protocol wrongly adds USDC to Router whitelist

Sorumluluk Reddi：Yukarıdaki içerik HTX'ın tutumunu temsil etmez.，HTX herhangi bir alım satım önerisinde bulunmaz.。

İlgili Makaleler

Tüm Yorumlar0En yeniPopüler

Trend Konular

İlgili Makaleler