7*24

Hot topic

Market

Activities

PROVE trong 24 giờ đã dao động đạt 51.2%, giá hiện tại $0.3143

【PROVE24 giờ biến động trên 50%!】PROVE trong 24 giờ đã dao động đạt 51.2%, giá hiện tại $0.3143

PROVE24 giờ biến động trên 50%!

HTX dữ liệu giám sát cho thấy, TRX vượt qua 0.36 USDT, hiện báo 0.36 USDT, 24H tăng 1.32%.

【TRX vượt qua 0.36 USDT】HTX dữ liệu giám sát cho thấy, TRX vượt qua 0.36 USDT, hiện báo 0.36 USDT, 24H tăng 1.32%.

TRX vượt qua 0.36 USDT

MFER trong 24 giờ đã dao động đạt 70.94%, giá hiện tại $0.000585

【MFER24 giờ biến động vượt quá 50%!】MFER trong 24 giờ đã dao động đạt 70.94%, giá hiện tại $0.000585

MFER24 giờ biến động vượt quá 50%!

HTX data monitoring shows that AAVE has broken through 90 USDT, currently reported at 90.01 USDT, with a 24H increase of 3.29%.

【AAVE breaks through 90 USDT】HTX data monitoring shows that AAVE has broken through 90 USDT, currently reported at 90.01 USDT, with a 24H increase of 3.29%.

AAVE breaks through 90 USDT

HTX dữ liệu giám sát cho thấy, BTC vượt qua 78000 USDT, hiện báo 78004.74 USDT, 24H tăng 1.68%.

【BTC vượt qua 78000 USDT】HTX dữ liệu giám sát cho thấy, BTC vượt qua 78000 USDT, hiện báo 78004.74 USDT, 24H tăng 1.68%.

BTC vượt qua 78000 USDT

WARD trong 24 giờ đã dao động đạt 50.34%, giá hiện tại $0.014895

【WARD24 giờ dao động trên 50%!】WARD trong 24 giờ đã dao động đạt 50.34%, giá hiện tại $0.014895

WARD24 giờ dao động trên 50%!

KIMA trong 24 giờ đã dao động 66.62%, giá hiện tại $0.0055

【KIMA24 giờ dao động trên 50%!】KIMA trong 24 giờ đã dao động 66.62%, giá hiện tại $0.0055

KIMA24 giờ dao động trên 50%!

HTX data monitoring shows that HTX has broken through 2e-06 USDT, currently reported at 2.001e-06 USDT, with a 24H increase of 1.78%.

【HTX breaks through 2e-06 USDT】HTX data monitoring shows that HTX has broken through 2e-06 USDT, currently reported at 2.001e-06 USDT, with a 24H increase of 1.78%.

HTX breaks through 2e-06 USDT

MAPO trong 24 giờ đã dao động lên tới 72.89%, giá hiện tại là $0.001984

【MAPO24 giờ dao động hơn 50%!】MAPO trong 24 giờ đã dao động lên tới 72.89%, giá hiện tại là $0.001984

MAPO24 giờ dao động hơn 50%!

According to the SlowMist, on December 25, 2022, the Rubic cross-chain aggregator project was attacked, resulting in the theft of USDC from user accounts. The Slow Fog security team shared the following in a newsletter.
1. Rubic is a DEX cross-chain aggregator that allows users to exchange Native Token via the routerCallNative function in the RubicProxy contract. Before the exchange, it checks whether the target Router to be called is in the whitelist of the protocol. 2.
After the whitelist check, the target Router is called and the call data is passed in externally by the user. 3.
Unfortunately USDC is also added to the Rubic protocol's Router whitelist, so any user can invoke USDC at will via the RubicProxy contract. 4.
The malicious user exploits this issue by calling the USDC contract via the routerCallNative function to transfer USDC from a user who has authorized the RubicProxy contract to the malicious user's account via the transferFrom interface.
The root cause of this attack is that the Rubic protocol incorrectly adds USDCs to the Router whitelist, resulting in the theft of USDCs from users who have authorised the RubicProxy contract.

Detail

【SlowMist: Rubic protocol wrongly adds USDC to Router whitelist】According to the SlowMist, on December 25, 2022, the Rubic cross-chain aggregator project was attacked, resulting in the theft of USDC from user accounts. The Slow Fog security team shared the following in a newsletter.
1. Rubic is a DEX cross-chain aggregator that allows users to exchange Native Token via the routerCallNative function in the RubicProxy contract. Before the exchange, it checks whether the target Router to be called is in the whitelist of the protocol. 2.
After the whitelist check, the target Router is called and the call data is passed in externally by the user. 3.
Unfortunately USDC is also added to the Rubic protocol's Router whitelist, so any user can invoke USDC at will via the RubicProxy contract. 4.
The malicious user exploits this issue by calling the USDC contract via the routerCallNative function to transfer USDC from a user who has authorized the RubicProxy contract to the malicious user's account via the transferFrom interface.
The root cause of this attack is that the Rubic protocol incorrectly adds USDCs to the Router whitelist, resulting in the theft of USDCs from users who have authorised the RubicProxy contract.

SlowMist: Rubic protocol wrongly adds USDC to Router whitelist

Anthropic Founder's Handbook: How to Build an AI-Native Company!

XRP Ledger Hard Fork In 8 Days? Upgrade Deadline Sparks Network Split Debate

As Presale Funding Nears $7.2 Million, Ozak AI’s Early Pricing Window Begins to Narrow

Market Expert Updates XRP Roadmap To $300 With New Data

$50 Million Funding Ignites Airdrop Anticipation, Variational Becomes New Focus of Perp DEX

Musk Posted a Recruitment Ad for SpaceX, and After Reading the Comments Section, I Understood

Cloudflare CEO: How I Decided Which Employees to Replace with AI?

Secures Over $60 Million in Funding from Dragonfly, Sequoia, and Others. An In-Depth Look at the On-Chain Derivatives Protocol Variational | CryptoSeed

General Tensor and Talisman Joining Forces To Build Financial Rails for Decentralized AI

Warsh's First Day in Office, Markets Deliver a 'Wake-up Call': Rate Hike Expected This Year

Article

zest soared to 0.186237 USDT, a new high with a 24-hour increase of 14.78%. It currently trades at 0.180202 USDT on HTX.

SlowMist: Rubic protocol wrongly adds USDC to Router whitelist

Tuyên bố miễn trừ trách nhiệm：Nội dung trên không đại diện cho quan điểm của HTX.，HTX không đưa ra bất kỳ lời khuyên giao dịch nào.。

Bài viết liên quan

Tất cả bình luận0Mới nhấtPhổ biến

Chủ đề đang thịnh hành

Bài viết liên quan