Early warning: Wavefield (TRON) DApps may become a new target for hackers


The Wavefield (TRON) DApp tronbank was hit by a counterfeit-token attack at 1 am on April 11. On the morning of the 11th, the Beosin Chengdu Chain Security technical team carried out a preliminary analysis and determined that the main cause of the attack was that the contract did not strictly verify the token's unique identifier, the token ID. It therefore mistook the attacker's own valueless token for the BTT token, causing losses of BTT worth 850,000 yuan.

While checking other open-source project code on GitHub, we found that other projects have the same security issue. The affected contract addresses are:

TF3YXXXXXXXXXXXXXXXXXXXXXXXWt3hx;

TKHNXXXXXXXXXXXXXXXXXXXXXXXAEzx5;

TK8NXXXXXXXXXXXXXXXXXXXXXXXZkQy;

TUvUXXXXXXXXXXXXXXXXXXXXXXXxLETV;

TG17XXXXXXXXXXXXXXXXXXXXXXXkQ9i.

According to the analysis of the Beosin Chengdu Chain Security technical team, there are two reasons for the above problems: 1) developers have not sufficiently studied how Wavefield tokens work, and may have carried over the way tokens are used on Ethereum; 2) attackers are reusing attack patterns that already exist on other public chains, such as the counterfeit-token attack already seen on EOS.

Remedy: the Beosin Chengdu Chain Security technical team suggests that, when receiving tokens, the project should check that both msg.tokenvalue and msg.tokenid meet expectations. The team also gives a fix for the vulnerable code: add the following checks to the invest function: require(msg.tokenid == 1002000); require(msg.tokenvalue >= minimum); where minimum is the minimum investment amount.
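The missing check and the suggested fix, side by side, as an added example that is not code from tronbank or from the Beosin team. The contract name, the `invested` mapping, the `investUnchecked` function and the `MINIMUM` value are hypothetical; `trcToken`-related globals `msg.tokenid` and `msg.tokenvalue` require TRON's Solidity compiler.

```solidity
pragma solidity ^0.4.25;

// Hypothetical contract for illustration only. Build with TRON's Solidity
// fork, which provides the msg.tokenid and msg.tokenvalue globals.
contract InvestExample {
    // Assumed minimum investment, in the token's smallest unit.
    uint256 constant MINIMUM = 1000000;

    // Amount credited to each investor.
    mapping(address => uint256) public invested;

    // Flawed pattern described in the article: only the amount is checked.
    // A call carrying ANY TRC10 token passes, so a self-issued, valueless
    // token is credited as if it were BTT.
    function investUnchecked() public payable {
        require(msg.tokenvalue >= MINIMUM);
        invested[msg.sender] += msg.tokenvalue;
    }

    // Fix from the article: verify the token ID as well as the amount.
    // 1002000 is the BTT token ID given in the suggested repair.
    function invest() public payable {
        require(msg.tokenid == 1002000);
        require(msg.tokenvalue >= MINIMUM);
        invested[msg.sender] += msg.tokenvalue;
    }
}
```

When auditing a contract for this issue, every payable function that reads `msg.tokenvalue` should also compare `msg.tokenid` against the expected ID before any balance is updated.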

We will continue to update Blocking; if you have any questions or suggestions, please contact us!
