Early warning: TRON DApps may become a new target for hackers


The TRON DApp TronBank was hit by a fake-token attack at 1 am on April 11. On the morning of the 11th, the Beosin Chengdu Chain Security technical team made a preliminary analysis and determined that the main cause of the attack was that the contract did not strictly verify the token's unique identifier, the token ID. As a result, it mistook the attacker's own valueless token for BTT tokens worth 850,000 yuan, which caused the loss. A check of other open-source project code on GitHub found other projects with the same security issue. The affected contract addresses are:

TF3YXXXXXXXXXXXXXXXXXXXXXXXWt3hx;

TKHNXXXXXXXXXXXXXXXXXXXXXXXAEzx5;

TK8NXXXXXXXXXXXXXXXXXXXXXXXZkQy;

TUvUXXXXXXXXXXXXXXXXXXXXXXXxLETV;

TG17XXXXXXXXXXXXXXXXXXXXXXXkQ9i.

According to the analysis of the Beosin Chengdu Chain Security technical team, there are two reasons for the above problems: 1) developers have not studied TRON's token mechanism closely enough and may have carried over the way tokens are handled on Ethereum; 2) attackers reuse attack patterns that already exist on other public chains, such as the fake-token attack already seen on EOS.

Remedy: the Beosin Chengdu Chain Security technical team recommends that, when a contract receives tokens, the project check that both msg.tokenvalue and msg.tokenid meet expectations. The fix for the vulnerable code is to add the following to the invest function:

    require(msg.tokenid == 1002000);
    require(msg.tokenvalue >= minimum);

Here, minimum is the minimum investment amount.
