SunSec Profile picture
Jul 24, 2022 7 tweets 3 min read Read on X
The bug was in Audius community treasury contract.
Exploited steps:
Tx (1): initialize + ProposalSubmitted + Staked.
Attacker called initialize() to modify configurations:
_votingPeriod to 3 blocks,
_executionDelay to 0 block
_guardianAddress

etherscan.io/tx/0xfefd829e2… Image
Tx (1), cont: submitted malicious proposal ID:85, which requested a transfer to attacker ~18M AUDIO tokens.
#AUDIO #web3 #web3sec Image
Tx (2): ProposalVoteSubmitted.
etherscan.io/tx/0x3c09c6306…
Tx (3): Proposal executed. Transferred 18,564,497 AUDIO to attacker.
etherscan.io/tx/0x4227bca8e… Image
Tx (4): Over uniswap to swap all AUDIO to 704 ETH (~$1M).
etherscan.io/tx/0x82fc23992…
All stolen funds are currently on the attacker's EOA: 0xa0c7BD318D69424603CBf91e9969870F21B8ab4c Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with SunSec

SunSec Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @1nf0s3cpt

Jun 17, 2023
🔥[Link updated] Root Cause Analysis of 101 DeFi Hacks!!!

👉English: web3sec.notion.site/web3sec/ba4593…

🧵This analysis is supported in 5 languages. Image
Read 5 tweets
Oct 5, 2022
🤖 MEV bot hacked - case 1

Root cause: Inappropriate visibility
When: 2022/09/13
Lost: ~$140k
Total 86,288 transactions in MEV bot.
MEV contract: 0x64dD59D6C7f09dc05B472ce5CB961b6E10106E1d

Attacked tx: bscscan.com/tx/0xd48758ef4…

👇Check what happened on MEV bot.
#MEV
1) Decompile contract
We can see a public function called pancakeCall, which means anyone can call this function. Image
2) Check pancakeCall code logic
Once pass all required check then perform 0x10a(v0, varg2, varg1);
Read 5 tweets
Oct 2, 2022
@TransitFinance

Root cause: Incorrect owner address validation.

POC: github.com/SunWeb3Sec/DeF…

#DeFi #Web3 #Security

👇Steps Image
It's simple, but you need to study past transactions to know how to combine the call data.

1. You can input any innocent user who granted approvals to "0xed1afc8c4604958c2f38a3408fa63b32e737c428" before.
2. Contract "0xed1afc8c4604958c2f38a3408fa63b32e737c428" will perform transferFrom to transfer amount of innocent user to attacker.

That's it.
Read 8 tweets
Jul 1, 2022
@quixotic_io

Attacker Wallet: 0x0a0805082ea0fc8bfdcc6218a986efda6704efe5
688 accounts hacked.
Around 214k $OP lost
fillSellOrder issue in Quixotic contract optimistic.etherscan.io/address/0x065e…
If you are in Quixotic, urgent to revoke this address, 0x065e8a87b8f11aed6facf9447abe5e8c5d7502b6
@quixotic_io Crazy, unlimited ATM XD Attacker can input whatever buyer address XD Image
Read 4 tweets
Jun 24, 2022
Hackers exploited a vulnerability to steal 85,837 ETH (appr. $100 million) from Harmony's Horizon Bridge.

All the tokens drained to this address
etherscan.io/address/0x0d04…

Bridge address:
0x2dccdb493827e15a5dc8f8b72147e6c4a5620857
#harmonyprotocol
First exploited since block 15012646, transfered 13,100 Ether.
TransactionID: 21106
etherscan.io/tx/0x27981c728…
Confrimed by two wallets. 2 of 5 approval will trigger transaction.
0xf845A7ee8477AD1FB4446651E548901a2635A915
0x812d8622C6F3c45959439e7ede3C580dA06f8f25 Image
Read 8 tweets
Jun 8, 2022
@GymNet_Official hacked analysis summary. $2+ million lost.

Attacker wallet: 0xb2c035eee03b821cbe78644e5da8b8eaa711d2e5

Attacker contract: 0x7cBfD7BCCd0a4a377eC6f6e44857eFe42c91b6eA

🚨Details in thread.
1.Unauthorized call depositFromOtherContract function to deposit 8,000,000 (GYMNET)
Due to incorrect access control.
bscscan.com/tx/0x8432c1c66… Image
@GymNet_Official 2.Attacker withdrew 8,000,000 (GYMNET) to attacker's contract 0x7cbfd7bccd0a4a377ec6f6e44857efe42c91b6ea
bscscan.com/tx/0x171a44816…
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(