According to Beosin Alert monitoring and early warning, the cross-chain protocol LI.FI was attacked. The Beosin security team found that the attacker used call injection in the project contract to transfer away user assets that had been authorized (approved) to the contract. The LI.FI project contract has a depositToGasZipERC20 function that swaps a specified token for the platform coin and deposits it in the GasZip contract, but the swap logic does not restrict the data passed to the low-level call. This allows an attacker to use the function to carry out a call injection attack and extract the assets authorized to the contract.
Attacker address: 0x8B.... DcF3. Attacked contract: 0x1231.... F4EaE.
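One way to enforce the missing restriction, modelled in Python as an added example (not LI.FI's or Beosin's code): before forwarding a caller-supplied target and calldata, refuse any target that is not an allowlisted swap venue and any calldata carrying an ERC-20 transferFrom, approve or transfer selector. The function names, the allowlist and every address below are assumptions constructed for illustration.

```python
# Added example: names, allowlist and addresses are hypothetical.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)
FORBIDDEN = {
    TRANSFER_FROM: "transferFrom",
    bytes.fromhex("095ea7b3"): "approve",    # approve(address,uint256)
    bytes.fromhex("a9059cbb"): "transfer",   # transfer(address,uint256)
}

def abi_address(word):
    """Decode a 32-byte ABI word as a lowercase 0x-prefixed address."""
    return "0x" + word[12:32].hex()

def check_swap_call(target, calldata, allowed_targets, self_address):
    """Return the reasons to refuse a caller-supplied (target, calldata) pair."""
    reasons = []
    if target.lower() not in {a.lower() for a in allowed_targets}:
        reasons.append("target not on allowlist")
    if len(calldata) < 4:
        return reasons + ["calldata shorter than a selector"]
    selector, args = calldata[:4], calldata[4:]
    if selector in FORBIDDEN:
        reasons.append("ERC-20 selector " + FORBIDDEN[selector])
        if selector == TRANSFER_FROM and len(args) >= 32:
            owner = abi_address(args[:32])
            if owner != self_address.lower():
                reasons.append("moves tokens owned by " + owner)
    return reasons

def pad_address(addr):
    """ABI-encode an address as a left-padded 32-byte word."""
    return bytes(12) + bytes.fromhex(addr[2:])

# Constructed sample data; none of these values come from the incident.
CONTRACT = "0x" + "11" * 20  # contract that holds user approvals
DEX = "0x" + "22" * 20       # allowlisted swap venue
TOKEN = "0x" + "33" * 20     # ERC-20 token contract
USER = "0x" + "44" * 20      # user who approved CONTRACT
OTHER = "0x" + "55" * 20     # unrelated recipient
INJECTED = (TRANSFER_FROM + pad_address(USER) + pad_address(OTHER)
            + (1000).to_bytes(32, "big"))
SWAP = bytes.fromhex("aabbccdd") + bytes(64)  # placeholder swap selector

if __name__ == "__main__":
    print(check_swap_call(TOKEN, INJECTED, [DEX], CONTRACT))
    print(check_swap_call(DEX, SWAP, [DEX], CONTRACT))
```

The same two conditions (target allowlist, selector restriction) are what an on-chain guard or a transaction-monitoring rule would apply to the swap call's arguments.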
Beosin: LI.FI attacker used call injection in the project contract to transfer away user assets authorized to the contract
2024-07-16 15:40:30