Vazi Profile picture
Researcher @HypernativeLabs prev. @Zengo
Jul 18 9 tweets 4 min read
1/ The exploiter of the @WazirXIndia Multisig was able to drain it after changing the implementation of the Multisig, that couldn't have been done without compromising the signers EOA, but here's a closer look on the attack flow 🧵 2/ after the following tx of the Safe the attacker starts to drain, let's analyze the Msig tx params
* to - the to address is the address we want to call
* data - the data including the selector of the "to" we are calling
* operation - That's a very important one - Safe supports an Operation Enum which can be either 0 - Call or 1 - Delegatecall etherscan.io/tx/0x48164d3ad…
github.com/safe-global/sa…Image