Early warning: Wavefield DApps may become a new target for hackers


Wavefield (TRON) DApp tronbank was hit by a counterfeit-token attack at 1 am on April 11. On the morning of the 11th, the Beosin Chengdu Chain Security technical team made a preliminary analysis and determined that the main cause was that the contract did not strictly verify the token's unique identifier, the token ID, and so mistook the attacker's own valueless token for BTT tokens worth 850,000 yuan, causing losses. When checking other open-source project code on GitHub, the team found other projects with the same security issue. The problematic contract addresses are:

TF3YXXXXXXXXXXXXXXXXXXXXXXXWt3hx;

TKHNXXXXXXXXXXXXXXXXXXXXXXXAEzx5;

TK8NXXXXXXXXXXXXXXXXXXXXXXXZkQy;

TUvUXXXXXXXXXXXXXXXXXXXXXXXxLETV;

TG17XXXXXXXXXXXXXXXXXXXXXXXkQ9i.

According to the analysis of the Beosin Chengdu Chain Security technical team, there are two reasons for the above problems: 1) Developers have not studied how Wavefield tokens work in enough depth and may have carried over the way tokens are handled on Ethereum; 2) Attackers draw on attack patterns that already exist on other public chains, such as the counterfeit-token attack already seen on EOS.

Remedy: The Beosin Chengdu Chain Security technical team suggests that, when receiving tokens, the project side check both msg.tokenvalue and msg.tokenid against the expected values. The fix for the vulnerable code is to add the following to the invest function:

require(msg.tokenid == 1002000);

require(msg.tokenvalue >= minimum);

where minimum is the minimum investment amount.
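The remedy above, shown as a flawed deposit function beside its hardened form. This is an added example, not code from tronbank or any of the listed contracts; it assumes TRON's Solidity fork, where `msg.tokenid` and `msg.tokenvalue` describe the token sent with a call, and the contract name, function names and `MINIMUM` value are hypothetical.

```solidity
pragma solidity ^0.4.25; // assumption: TRON's Solidity fork with TRC10 support

// Hypothetical contract for illustration only; not taken from any real project.
contract InvestExample {
    // Constructed value standing in for the "minimum" named in the remedy.
    uint256 constant MINIMUM = 1000000;

    // Amount each investor has deposited, assumed to be denominated in BTT.
    mapping(address => uint256) public invested;

    event Invested(address indexed investor, uint256 amount);

    // Flawed: only the amount is checked. Any token sent with the call,
    // including one the caller issued themselves, is booked as if it
    // were BTT, because msg.tokenid is never inspected.
    function investUnchecked() public payable {
        require(msg.tokenvalue >= MINIMUM);
        invested[msg.sender] += msg.tokenvalue;
        emit Invested(msg.sender, msg.tokenvalue);
    }

    // Hardened: both checks from the remedy run before any state changes,
    // so a deposit in a different token reverts and is never credited.
    function invest() public payable {
        require(msg.tokenid == 1002000);      // token ID given in the remedy
        require(msg.tokenvalue >= MINIMUM);   // minimum investment amount
        invested[msg.sender] += msg.tokenvalue;
        emit Invested(msg.sender, msg.tokenvalue);
    }
}
```

When reviewing a contract for this issue, every payable function that reads `msg.tokenvalue` should also compare `msg.tokenid` against the expected ID before crediting anything.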
