SlowMist: Zabu Finance on Avalanche hit by a flash loan attack

admin  Views: 41  2024-04-01 16:23:09  Comments: 0
2021-09-12  BlockBeats  Source: 区块链网络
BlockBeats, 12 September: the Zabu Finance project on Avalanche has suffered a flash loan attack. The SlowMist security team's analysis is as follows:

1. The attacker first created two attack contracts. Through attack contract 1 they swapped WAVAX for SPORE on Pangolin and staked the SPORE in the ZABUFarm contract, positioning that contract to collect ZABU rewards later.

2. Through attack contract 2 the attacker took a flash loan of SPORE from Pangolin and began running `stake/withdraw` cycles against ZABUFarm over and over. SPORE charges a fee on every transfer (collected by the SPORE contract), so the amount of SPORE that ZABUFarm actually receives on a stake is less than the amount the attacker passes in. During the analysis we noticed that ZABUFarm records the stake amount the user passes in, not the amount the contract actually received, yet on withdrawal it lets the user take out the full recorded amount. The SPORE ZABUFarm received when the attacker staked was therefore less than the SPORE it paid out when the attacker withdrew.

3. Exploiting this accounting defect, caused by the incompatibility between ZABUFarm and the SPORE token, the attacker drained ZABUFarm's SPORE balance to an extremely low value through repeated `stake/withdraw` operations. ZABUFarm's staking reward is computed from the accumulated block reward divided by the total SPORE held in the contract, so once that total fell to a tiny value the calculation produced an enormous reward.

4. Through attack contract 1, which already had a stake in ZABUFarm, the attacker claimed a large amount of ZABU and then dumped it.

The root cause is that Zabu Finance's staking model is incompatible with the SPORE token. Several attacks caused by this class of problem have already occurred. SlowMist recommends that a staking model integrating deflationary tokens record the contract's actual token balance change before and after the transfer, rather than relying on the stake amount passed in by the user.

Attack contract 1: 0x0e65Fb2c02C72E9a2e32Cc42837df7E46219F400
Attack contract 2: 0x5c9AD7b877F06e751Ee006A3F27546757BBE53Dd
Staking transaction: 0xf76b37ed46c218d4b791e9769b139c3e1f43d1888f37ff0a647c7a8bb58528fb
Attack transaction: 0x0d65ce5c7a0c072b14ec5da08488d07778f334a7ddb6b7a30df97f274f3e1eb3
Profit transaction: 0x8b3042e55a63f39bb388240a089cf4d51e59abe7cb0bff303c6dbb19eaeb75ac
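
The following Python model replays the accounting defect described above. It is an added example, not code from Zabu Finance, Pangolin or SlowMist: the token, the farm, the 3% transfer fee, the balances, the emission rate, the 100,000-token "flash loan" and the MasterChef-style `accRewardPerShare` fixed-point bookkeeping are all assumptions, chosen so the drain and the reward inflation can be run offline. The farm divides block rewards by the SPORE it really holds (its own token balance), which is the behaviour the analysis describes. `trust_input=True` credits the caller's stated amount (the ZABUFarm behaviour); `trust_input=False` credits the balance delta, which is the fix SlowMist recommends.

```python
"""Replay of the ZABUFarm/SPORE accounting defect (constructed model)."""

FARM = "farm"
FLOOR = 10                 # attacker leaves a few tokens so rewards keep accruing
PRECISION = 10**12         # MasterChef-style fixed point for accRewardPerShare (assumed)
REWARD_PER_BLOCK = 100     # constructed ZABU emission per block


class FeeOnTransferToken:
    """ERC20-like token that burns a fee on every transfer, as SPORE does."""

    def __init__(self, fee_bps):
        self.fee_bps = fee_bps
        self.balances = {}

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def mint(self, to, amount):
        self.balances[to] = self.balance_of(to) + amount

    def transfer(self, sender, to, amount):
        if self.balance_of(sender) < amount:
            raise ValueError(f"{sender}: insufficient balance for {amount}")
        fee = amount * self.fee_bps // 10_000
        self.balances[sender] = self.balance_of(sender) - amount
        self.balances[to] = self.balance_of(to) + amount - fee   # receiver gets less


class Farm:
    """Single-pool MasterChef-style farm. trust_input=True reproduces the defect:
    the stake credited is the caller's `amount`, not what the farm received.
    Rewards per share are divided by the SPORE the farm really holds, so a
    drained pool becomes an inflated reward for anyone with a recorded stake."""

    def __init__(self, token, trust_input):
        self.token, self.trust_input = token, trust_input
        self.staked, self.reward_debt, self.rewards = {}, {}, {}
        self.acc_reward_per_share = 0
        self.last_block = 0

    def _update_pool(self, block):
        lp_supply = self.token.balance_of(FARM)            # actual SPORE held
        elapsed = block - self.last_block
        if elapsed > 0 and lp_supply > 0:
            self.acc_reward_per_share += elapsed * REWARD_PER_BLOCK * PRECISION // lp_supply
        self.last_block = block

    def _harvest(self, user):
        owed = self.staked.get(user, 0) * self.acc_reward_per_share // PRECISION
        pending = owed - self.reward_debt.get(user, 0)
        if pending > 0:
            self.rewards[user] = self.rewards.get(user, 0) + pending

    def _reset_debt(self, user):
        self.reward_debt[user] = self.staked.get(user, 0) * self.acc_reward_per_share // PRECISION

    def deposit(self, user, amount, block):
        self._update_pool(block)
        self._harvest(user)
        before = self.token.balance_of(FARM)
        self.token.transfer(user, FARM, amount)
        received = self.token.balance_of(FARM) - before
        # Vulnerable: credit the caller's number. Fixed: credit what actually arrived.
        self.staked[user] = self.staked.get(user, 0) + (amount if self.trust_input else received)
        self._reset_debt(user)

    def withdraw(self, user, amount, block):
        if self.staked.get(user, 0) < amount:
            raise ValueError("withdraw: not good")
        self._update_pool(block)
        self._harvest(user)
        self.staked[user] -= amount
        self.token.transfer(FARM, user, amount)   # pays the *recorded* amount out of the pool
        self._reset_debt(user)


def run_scenario(trust_input, fee_bps=300):
    """Honest stake, attacker contract 1 stake, flash-loan drain, then harvest."""
    token = FeeOnTransferToken(fee_bps)
    farm = Farm(token, trust_input)
    token.mint("victim", 10_000)
    token.mint("attacker1", 1_000)
    token.mint("attacker2", 100_000)               # stands in for the SPORE flash loan

    farm.deposit("victim", 10_000, block=1)         # farm actually receives 9_700
    farm.deposit("attacker1", 1_000, block=1)       # farm actually receives 970
    farm_before = token.balance_of(FARM)

    cycles = 0
    for _ in range(50):                              # attacker contract 2, all in block 2
        before = token.balance_of(FARM)
        # largest deposit whose burned fee still leaves FLOOR tokens after the withdrawal
        x = min(token.balance_of("attacker2"), (before - FLOOR) * 10_000 // fee_bps)
        if x <= 0:
            break
        farm.deposit("attacker2", x, block=2)
        farm.withdraw("attacker2", farm.staked["attacker2"], block=2)
        if token.balance_of(FARM) >= before:         # nothing leaked: the fix holds
            break
        cycles += 1
    farm_after = token.balance_of(FARM)

    farm.withdraw("attacker1", 0, block=3)           # harvest one block of ZABU
    return {
        "farm_balance_before": farm_before,
        "farm_balance_after": farm_after,
        "recorded_total_stake": sum(farm.staked.values()),
        "drain_cycles": cycles,
        "attacker1_reward": farm.rewards.get("attacker1", 0),
    }


if __name__ == "__main__":
    for label, trust in (("vulnerable", True), ("fixed", False)):
        print(label, run_scenario(trust))
```

With the vulnerable farm the ledger still says 11,000 SPORE is staked after four drain cycles while the contract holds 11 tokens, and attacker contract 1 harvests thousands of ZABU from a single block whose whole emission is 100. With the balance-delta fix the pool balance never moves and the same stake earns a few tokens. In Solidity the fix is the same shape as the `received` line above: read `balanceOf(address(this))` before and after `safeTransferFrom` and credit the difference.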

[Original link]



Reprinted from: https://netpsp.com/?id=52708