They did 3 security audits plus a bug bounty, and still got burned. Someone used a simple trick to steal the equivalent of 125,000,000 PLN
MonoX Finance writes that a bug in the smart contract is to blame. For laypeople: swapping a cryptocurrency (the MONO token) for itself caused an unexpected increase in its value. Now run that in a loop and we have a highly valued currency (token) that we can use to buy something else. So they bought. In total, for about 125,000,000 PLN:
The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract.
Any price updates from swap from tokenIn and tokenOut were independently verified by the contract. With tokenOut being verified last, this caused a massive price appreciation of MONO. The attacker then used the highly priced MONO to purchase all the other assets in our pool and drained the funds.
Roughly $31M was drained from the pool as a result of the hack.
~ms
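The update ordering described in the MonoX statement can be reproduced in a simplified model, shown here with the guard that rejects tokenIn == tokenOut and a regression check for it. This is an added example, not MonoX's contract code: `ToyPool`, `SameTokenSwap`, `self_swap_is_safe` and the fixed 10% price impact are assumptions made for illustration.

```python
from dataclasses import dataclass, field


class SameTokenSwap(ValueError):
    """Raised when a swap names the same token on both sides."""


@dataclass
class ToyPool:
    # Constructed toy state: token -> price in an abstract unit of account.
    prices: dict = field(default_factory=lambda: {"MONO": 1.0, "USDC": 1.0})
    impact: float = 0.10             # assumed fixed price impact per swap
    reject_same_token: bool = False  # the missing check, off by default

    def swap(self, token_in: str, token_out: str) -> None:
        if self.reject_same_token and token_in == token_out:
            raise SameTokenSwap(token_in)
        # Both new prices are computed from the state read before any write.
        new_in = self.prices[token_in] * (1 - self.impact)    # sold: price falls
        new_out = self.prices[token_out] * (1 + self.impact)  # bought: price rises
        self.prices[token_in] = new_in
        # Written last: when both keys are the same token, this overwrites
        # the decrease above and only the increase survives.
        self.prices[token_out] = new_out


def price_after(pool: ToyPool, token_in: str, token_out: str, rounds: int) -> float:
    """Repeat the same swap and return the resulting price of token_out."""
    for _ in range(rounds):
        pool.swap(token_in, token_out)
    return pool.prices[token_out]


def self_swap_is_safe(pool: ToyPool, token: str = "MONO") -> bool:
    """Regression check: a self-swap must revert or leave the price unchanged."""
    before = pool.prices[token]
    try:
        pool.swap(token, token)
    except SameTokenSwap:
        return True
    return pool.prices[token] == before


if __name__ == "__main__":
    print("unguarded, 10 self-swaps:", price_after(ToyPool(), "MONO", "MONO", 10))
    print("unguarded passes check:", self_swap_is_safe(ToyPool()))
    print("guarded passes check:", self_swap_is_safe(ToyPool(reject_same_token=True)))
```

A check like `self_swap_is_safe` is an invariant worth keeping in a contract's test suite: for every supported token, a swap against itself must either revert or change nothing.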