空手套白狼 —— YIEDL 被黑分析

币圈资讯阅读：57 2024-04-25 23:08:21 评论：0

美化布局示例

欧易(OKX)最新版本

【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费！

APP下载全球官网大陆官网

币安(Binance)最新版本

币安交易所app【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费！

APP下载官网地址

火币HTX最新版本

火币老牌交易所【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费！

APP下载官网地址

```html

By: Sissice

背景

2024 年 4 月 24 日，据慢雾安全团队情报，BSC 链上的 YIEDL 项目遭攻击，攻击者获利约 30 万美元。慢雾安全团队对该攻击事件展开分析并将结果分享如下：

(https://twitter.com/SlowMist_Team/status/1782962346039898473)

攻击核心

本次事件的攻击核心是利用合约处理 redeem 函数调用时未能充分验证用户输入的外部参数。该参数是控制资产兑换的关键数据，通常包含特定的交易指令或路由信息。攻击者通过恶意构造这一外部参数，实现了未授权的��产转移。

交易分析

攻击者多次调用 redeem 函数，申请赎回数量为 0 的资产，此行为本身看似无害，因为赎回数量为零时通常不会触发任何实际的资金流动：

But following the redeem function reveals that the function will traverse the list of assets allowed by the contract, and if the current asset is not the asset the user wishes to receive, it will parse the dataList parameter and externally call the corresponding function in the 1inch Router. execute asset exchange operation.

And because the dataList passed here is not checked and verified, it allows the attacker to construct malicious values to execute the unoswapTo function in the 1inch Router contract to perform arbitrary controllable token exchange operations.

As a result, the WBNB-ADA Token in the Yiedl BULL contract was exchanged for BNB to the attacker's address.

In this way, the attacker can trigger token exchange operations controlled by the dataList parameter without actually owning any redemption shares, without consuming its own assets, and profit from the contract funds multiple times.

总结

The core of this attack is that the function did not sufficiently verify the dataList parameter entered by the user, allowing the attacker to construct malicious external data and use 1inch to take away the tokens in the contract. Slow fog security team recommended that the project implement strict parameter verification mechanisms in development, especially when involving fund operations in the contract, to ensure that all external calls conform to expected behavioral norms, and thoroughly secure the logic of the contract. audit to avoid similar events from happening again.

```

Background: According to the information chain of the slow fog security team, the item was attacked, and the attacker made a profit of about 10,000 US dollars. The slow fog security team analyzed the attack event and shared the following related information: the attacker's address was attacked, the contract address was partially attacked, and the transaction attack core was attacked. The attack core of this incident was that the external parameters input by the user were not fully verified when the contract processing function was called. This parameter is the key data to control asset exchange. Usually, the attacker contains specific transaction instructions or routing information. By maliciously constructing this external parameter, the unauthorized transfer transaction analysis is realized. The attacker repeatedly calls the function to apply for the redemption of assets with a quantity of, which seems harmless in itself, because when the redemption quantity is zero, it usually does not trigger any actual capital flow summary. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台

文字格式和图片示例

注册有任何问题请添加微信：MVIP619 拉你进入群