Early warning: TRON DApps may become a new target for hackers


The TRON DApp TronBank was hit by a fake-token attack at 1 am on April 11. On the morning of the 11th, the Beosin Chengdu Chain Security technical team carried out a preliminary analysis and determined that the main cause of the attack was that the contract did not strictly verify the token's unique identifier, the token ID, and therefore mistook the attacker's own valueless token for BTT tokens worth 850,000 yuan, which caused the loss. While reviewing the code of other open-source projects on GitHub, we found that other projects have the same security issue. The affected contract addresses are:

TF3YXXXXXXXXXXXXXXXXXXXXXXXWt3hx;

TKHNXXXXXXXXXXXXXXXXXXXXXXXAEzx5;

TK8NXXXXXXXXXXXXXXXXXXXXXXXZkQy;

TUvUXXXXXXXXXXXXXXXXXXXXXXXxLETV;

TG17XXXXXXXXXXXXXXXXXXXXXXXkQ9i.

According to the Beosin Chengdu Chain Security technical team's analysis, there are two reasons for these problems: 1) developers have not studied TRON's token mechanism thoroughly and may have carried over the way tokens are handled on Ethereum; 2) attackers are borrowing attack patterns that already exist on other public chains, such as the fake-token attacks already seen on EOS.

Remedy: the Beosin Chengdu Chain Security technical team recommends that, when receiving tokens, the project check that both msg.tokenvalue and msg.tokenid match expectations. The fix for the vulnerable code is to add the following to the Invest function:

require (msg.tokenid == 1002000);
require (msg.tokenvalue >= minimum);

where minimum is the minimum investment amount.
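The recommended fix in context, as an added example that is not TronBank's code or code from the original article: a minimal TRC10 deposit contract for TRON's Solidity fork, with the unchecked pattern next to the hardened one. The contract name, function names other than invest, the storage layout, the pragma version and the MINIMUM value are assumptions made for illustration; only the two require checks and the token ID 1002000 come from the text above.

```solidity
pragma solidity ^0.5.0; // assumed compiler version (TRON's Solidity fork)

// Illustrative contract, not taken from any project named in the article.
contract InvestExample {
    // Hypothetical minimum investment, in the token's smallest unit.
    uint256 constant MINIMUM = 1000000;

    // Credited deposit per investor (hypothetical bookkeeping).
    mapping(address => uint256) public invested;

    // Pattern described in the article: the amount is checked, the token is
    // not. msg.tokenvalue only says how many units of *some* TRC10 token
    // arrived with the call, so a valueless token issued by the caller is
    // credited exactly as if it were BTT.
    function investUnchecked() public payable {
        require(msg.tokenvalue >= MINIMUM, "below minimum");
        invested[msg.sender] += msg.tokenvalue;
    }

    // Hardened form: check the token ID and the amount together, before any
    // state is changed, as the remedy above recommends.
    function invest() public payable {
        // 1002000 is the BTT token ID given in the article's fix.
        require(msg.tokenid == 1002000, "unexpected token id");
        require(msg.tokenvalue >= MINIMUM, "below minimum");
        invested[msg.sender] += msg.tokenvalue;
    }
}
```

When auditing a TRC10-accepting contract, every payable function that reads msg.tokenvalue should have a matching msg.tokenid check on the same code path.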
