Solidity security researcher Quit said an attacker exploited Flooring Protocol by abusing an ownership-check flaw in BT404-style accounting logic to create a “ghost ownership” state, then combined multiple integer underflow issues to obtain an unlimited fpToken balance, sell tokens, and drain protocol liquidity.
According to Odaily, Quit said that after identifying another attack path that could affect more pools, he and several security researchers launched a white-hat rescue operation and moved assets out of vulnerable Flooring Protocol pools.
Quit said the team rescued 66 NFTs, including 29 Bored Ape Yacht Club NFTs, four Mutant Ape Yacht Club NFTs, two CryptoPunks, one Azuki, two Elementals, 26 Captains, one Moonbird, two Doodles, and one Bored Ape Kennel Club NFT, with a total value of more than $500,000.
Quit advised users not to continue depositing NFTs into Flooring Protocol and said the recovered NFTs will be returned to their rightful owners in the coming weeks.
Flooring Protocol Exploit Drains Liquidity After fpToken Balance Manipulation, Researcher Quit Says
2026-06-08 05:38:16
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
以太坊基金会:警惕slop.computer假号
