Content

MetaTrust：Earning.Farm遭到攻击，原因是合约的 "提款 "函数存在逻辑问题

星球日报2023-08-10 09:59:13

Favorite

根据 MetaTrust Alert 推文提示，部署在 Ethereum 上的项目 Earning.Farm 遭到攻击，截止至现在，遭受攻击损失金额已达约 288 $ETH，价值$ 536, 000 美元。所有代币已被入新的钱包 ( 0 x ee 4 b 3 d)。

此漏洞的根本原因是 "EFVault "合约的 "提款 "函数中存在逻辑问题，该函数允许用户在 "ENF_ETHLEV "余额少于预期份额时仅烧毁用户的 "ENF_ETHLEV "余额。

攻击步骤

1/ 攻击者从闪贷中获得 10, 000 个以太坊，将其中的 80 个存入`ENF_ETHLEV`合约，并获得 295 e 18 个份额。

2/ 攻击者通过调用 `withdraw` 函数从 `ENF_ETHLEV` 合约中提取 295 e 18 份。然后，"withdraw "函数调用外部合约 "controller "的 withdraw 函数，触发攻击者合约的回退函数。

3/ 在回退函数中，攻击者将 ( 295 e 18 - 1000) `ENF_ETHEV` 代币转移到一个新的钱包 0 x fd 29 f 2 ，结果攻击者只被烧掉 1000 个 `ENF-ETHEV` 代币。

4/ 攻击者将 0 x fd 29 f 2 钱包中的 `ENF_ETHEV` 代币转换为 ETH，偿还闪贷，并从中获利。

MetaTrust：Earning.Farm遭到攻击，原因是合约的

Disclaimer: This article is copyrighted by the original author and does not represent MyToken’s views and positions. If you have any questions regarding content or copyright, please contact us.(www.mytokencap.com)contact

About MyToken:https://www.mytokencap.com/aboutusArticle Link:https://www.mytokencap.com/news/445517

Previous:全链游戏内核剖析：MUD引擎与World Engine

Next:“科太币”暴涨背后的疯狂轮回

PEPE Becomes Most Traded Meme Coin, Outsmarting DOGE With $4-B Volume

PEPE token is hogging the headlines, and for the right reasons. The meme coin, defying the odds, has...

NewsBTC 2025-05-12 23:00:14

CryptoQuant’s Exit Strategy: The Smart Way to Sell Without Missing a Huge Rally

CryptoQuant’s latest report shows the smart way to sell your holdings without missing the rally. All...

blockchainreporter 2025-05-12 23:00:00

Coinbase to Join S&P 500 on May 19: COIN Price Gains Bullish Momentum

The post Coinbase to Join S&P 500 on May 19: COIN Price Gains Bullish Momentum appeared first on Coi...

CoinPedia 2025-05-12 22:08:44