On November 23rd, Port3 Network officials posted on social media that PORT3 adopted CATERC20, a cross-chain token scheme of the Nexa network, to support multi-chain development, but the scheme had a boundary condition verification vulnerability. After the ownership of the coin was abandoned, the return value of the function happened to match the owner verification condition, resulting in the failure of permission verification, making unauthorized access possible.
The vulnerability was not detected in the CATERC20 audit report. Since the PORT3 token had previously relinquished ownership to enhance decentralization, it happened to be in an exploitable state.
After the hacker discovered this authorization verification flaw, he initiated the RegisterChains operation at the address 0xb13A... 812E at 20:56:24 UTC, registering his own address as an authorized address. The attacker then repeated the same attack method from multiple addresses such as 0x7C2F... 551fF.
The official has contacted the mainstream exchange to suspend the deposit and withdrawal business. The next step will be to completely solve the problem by reissuing the fixed token.
PORT3: The cause of the attack is a vulnerability in CATERC20, and new tokens will be issued to completely solve the problem
2025-11-23 06:12:00
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.