Early warning: TRON DApps may become a new target for hackers


The TRON DApp TronBank was hit by a counterfeit-token attack at 1 am on April 11. On the morning of the 11th, the Beosin Chengdu Chain Security technical team carried out a preliminary analysis and determined that the main cause was that the contract did not strictly verify the token's unique identifier, the token ID, and so mistook the attacker's own valueless token for BTT tokens worth 850,000 yuan, which caused the loss. When checking the code of other open-source projects on GitHub, we found that other projects have the same security issue. The affected contract addresses are:

TF3YXXXXXXXXXXXXXXXXXXXXXXXWt3hx;

TKHNXXXXXXXXXXXXXXXXXXXXXXXAEzx5;

TK8NXXXXXXXXXXXXXXXXXXXXXXXZkQy;

TUvUXXXXXXXXXXXXXXXXXXXXXXXxLETV;

TG17XXXXXXXXXXXXXXXXXXXXXXXkQ9i.

According to the analysis of the Beosin Chengdu Chain Security technical team, there are two reasons for the above problem: 1) developers have not studied TRON's token mechanism thoroughly enough and may have carried over the way tokens are handled on Ethereum; 2) attackers reuse attack patterns that already exist on other public chains, such as the counterfeit-token attack already seen on EOS.

Remedy: the Beosin Chengdu Chain Security technical team suggests that, when receiving tokens, the project should check that both msg.tokenvalue and msg.tokenid meet expectations. The team gives the following fix for the vulnerable code. Add these checks to the Invest function:

    require(msg.tokenid == 1002000);
    require(msg.tokenvalue >= minimum);

Here minimum is the minimum investment amount.
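The code review described above (looking for token-receiving functions that lack the msg.tokenid check) can be approximated with a small source scanner for auditing your own contracts. This is an added example, not Beosin's tooling or code from the original article; the sample contract, function names and regexes are constructed for illustration. It is a heuristic: a check placed in a modifier or helper function is not seen, so every finding needs manual review.

```python
import re

# Constructed sample in TRON Solidity; not taken from any real project.
SAMPLE = """
contract Demo {
    mapping(address => uint256) public invested;
    function investUnchecked() public payable {
        require(msg.tokenvalue >= 1000000);      // amount only: any token passes
        invested[msg.sender] += msg.tokenvalue;
    }
    function invest() public payable {
        require(msg.tokenid == 1002000);         // the fix recommended above
        require(msg.tokenvalue >= 1000000);
        invested[msg.sender] += msg.tokenvalue;
    }
    function ping() public pure returns (uint256) { return 1; }
}
"""

FUNC_RE = re.compile(r"\bfunction\b\s*(\w*)\s*\([^)]*\)[^{;]*\{")
# Any equality/inequality comparison involving msg.tokenid counts as a check.
ID_CHECK_RE = re.compile(r"msg\.tokenid\s*[=!]=|[=!]=\s*msg\.tokenid")

def strip_comments(src):
    """Drop /* */ and // comments so a commented-out check does not count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def function_bodies(src):
    """Yield (name, body) per function, matching braces to find the body end."""
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1) or "<fallback>", src[m.end():i - 1]

def find_unchecked_token_receivers(src):
    """Names of functions that read msg.tokenvalue but never compare msg.tokenid."""
    return [name for name, body in function_bodies(strip_comments(src))
            if "msg.tokenvalue" in body and not ID_CHECK_RE.search(body)]

if __name__ == "__main__":
    print(find_unchecked_token_receivers(SAMPLE))
```

Run it over each contract file before deployment; a function it reports accepts a token amount without pinning the token ID.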
