SunSec
CISO @xrexinc | Founder @DeFiHackLabs Web3 Security Community.

Jul 24, 2022, 7 tweets

Governance attack! Attacker profited ~$1M. etherscan.io/tx/0x4227bca8e…

The bug was in Audius community treasury contract.
Exploit steps:
Tx (1): initialize + ProposalSubmitted + Staked.
Attacker called initialize() to modify configurations:
_votingPeriod to 3 blocks,
_executionDelay to 0 blocks,
_guardianAddress

etherscan.io/tx/0xfefd829e2…

Tx (1), cont.: submitted malicious proposal ID 85, which requested a transfer of ~18M AUDIO tokens to the attacker.
#AUDIO #web3 #web3sec

Tx (2): ProposalVoteSubmitted.
etherscan.io/tx/0x3c09c6306…

Tx (3): Proposal executed. Transferred 18,564,497 AUDIO to attacker.
etherscan.io/tx/0x4227bca8e…

Tx (4): Swapped all AUDIO for 704 ETH (~$1M) via Uniswap.
etherscan.io/tx/0x82fc23992…

All stolen funds are currently on the attacker's EOA: 0xa0c7BD318D69424603CBf91e9969870F21B8ab4c
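The root cause the thread describes is that initialize() could be called again on the live treasury contract to shrink the voting period and execution delay and to replace the guardian. As an added illustration (not Audius code), here is a minimal governance configuration with an unguarded initializer beside a version that can only be initialized once, enforces floors on the review window, and emits an event that monitoring can alert on; contract names, constants and the event are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative only: initialize() has no one-time guard, so any caller can
/// reset votingPeriod, executionDelay and guardianAddress after deployment.
contract VulnerableGovernance {
    uint256 public votingPeriod;     // blocks a proposal stays open for voting
    uint256 public executionDelay;   // blocks between vote end and execution
    address public guardianAddress;  // account allowed to veto proposals

    function initialize(uint256 _votingPeriod, uint256 _executionDelay, address _guardianAddress) external {
        votingPeriod = _votingPeriod;
        executionDelay = _executionDelay;
        guardianAddress = _guardianAddress;
    }
}

/// Hardened variant: the initializer runs exactly once, rejects configurations
/// that collapse the review window, and logs who initialized with what values.
contract HardenedGovernance {
    uint256 public votingPeriod;
    uint256 public executionDelay;
    address public guardianAddress;
    bool private _initialized;

    // Assumed floors: roughly one day of 15-second blocks, and at least one block of delay.
    uint256 public constant MIN_VOTING_PERIOD = 5760;
    uint256 public constant MIN_EXECUTION_DELAY = 1;

    event Initialized(address indexed by, uint256 votingPeriod, uint256 executionDelay, address guardian);

    modifier initializer() {
        require(!_initialized, "already initialized");
        _initialized = true;
        _;
    }

    function initialize(uint256 _votingPeriod, uint256 _executionDelay, address _guardianAddress)
        external
        initializer
    {
        require(_votingPeriod >= MIN_VOTING_PERIOD, "voting period too short");
        require(_executionDelay >= MIN_EXECUTION_DELAY, "execution delay too short");
        require(_guardianAddress != address(0), "zero guardian");
        votingPeriod = _votingPeriod;
        executionDelay = _executionDelay;
        guardianAddress = _guardianAddress;
        emit Initialized(msg.sender, _votingPeriod, _executionDelay, _guardianAddress);
    }
}
```

A second initialize() call on HardenedGovernance reverts, and any Initialized event observed after deployment is a signal worth alerting on.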
