Trending News: Ethereum Controversy: Is It a Cryptocurrency?Hashkey, which has been subscribed nearly 400 times, will inevitably break on the first day…Why has the United Arab Emirates, which started with oil, become a new hot spot for the crypto industry?A brief discussion on the concept of “pledge media”Bankless: Which blockchain will win in the RWA space?Starting point for compliance: clarifying the legal characterization of smart contracts in different scenariosXiao Feng: The old system and revolution in the encryption world, the new coordinates of HashKeyPantera: 2025 is the year of structural progress in the crypto marketFrom “Safe Harbor” to “Compliance Innovation”: Analysis of SEC Innovation Exemption PolicyTop 10 crypto narratives of 2025 and three predictions for next yearThe “financial panopticon” is not destined: SEC chairman wants to build a third wayHow cryptography can reshape trust and freedom for individuals, businesses and societyThe real impact of quantitative easing on cryptocurrenciesNon-farm payrolls are mixed, with the unemployment rate rising to a four-year high and expectations for an interest rate cut next year rising.Will all types of assets collectively rise again?One article to understand how Account Abstraction (AA) reconstructs the Web3 experienceLooking back to 2025: What progress has been made in global crypto regulatory policies?Web3 The Dilemma and Future of Chinese EntrepreneursBrother Maji’s leverage game: Where does the “endless” money come from?Coinbase: From regulated centralized exchange to on-chain Silicon ValleyThe Economist: Cryptocurrencies’ real threat to traditional banksEthereum 2026: Is ETH undervalued via MVRV indicator?The governance battle behind Aave DAO and Aave Labs’ power gameThe Bitcoin market faces a key test and three major signals are worth paying attention toTiger Research: Bitcoin miners are “investing” in artificial intelligenceBitwise 2026 Forecast: BTC will break the four-year cycle and hit new highsGrayscale: The crypto bull market will continue in 2026, with top ten investment themes for 2026Is DAT still useful in the bear market?Prediction markets are suddenly so popular. What can you do?Beware of data traps: The “incomplete version” of U.S. non-farm payrolls and CPI is about to hitContract Algorithm Sickle: Another Discussion on Liquidation: Another Analysis of HLP and ADL MechanismsWill non-farm payrolls save U.S. stocks on Tuesday?Morgan Stanley CEO: Weak employment may help stock market riseU.S. SEC Chairman’s Roundtable Speech: The Balance between Encryption Privacy and Financial RegulationWho is paying for $25 trillion in air?Stock Market Volatility and Market Outlook: The Rise of Precious Metals and Potential Turmoil in Equity MarketsVice President of the Bank for International Settlements: What is tokenization and how to tokenize?What is the investment logic of “brainless bull” Tom Lee?The money printing machine in the currency circle wants to acquire Juventus: the offensive and defensive battle between new and old money in EuropeWhy oil economy-related investors are driving BTC’s next wave of liquidityThe U.S. SEC teaches you step-by-step how to custody crypto assetsSome observations on Solana Breakpoint 2025x402 v2 further promotes the development of AI Agent economyThe copycat quarter index fell to a new low. Has the market really changed?Bitcoin’s next narrative is “interest-bearing digital gold”2026 Encryption Market Outlook: Embracing the “Web3 New Plutocrats” EraOCC approves bank’s ‘risk-free’ crypto trading, what’s nextA full analysis of the three prediction market paths: Why are investors rushing to grab them?Polymarket bets on OpenAI releasing new model, market questions insider tradingThe future of the US economy under inflationary fissionBankless: This cryptocurrency cycle ignores EthereumSEC Chairman Nine Discussions on AI and Encryption Innovation: Remember the Mission and Return to the Missionv2 version of x402Is time spent in the crypto industry a waste of life?Let’s talk about the V2 upgrade of x402 and share some key pointsDetailed explanation of the first crypto-asset stock in HK and the first person to try itWhy doesn’t Metaplanet, Asia’s largest Bitcoin treasury company, buy the dip?Interpretation of Fusaka Upgrade: The Beginning of Ethereum’s “Data Hegemony”?The x402 V2 version is here. What are the major upgrades of the new protocol?What are the highlights of x402 protocol V2 version?J.P. Morgan turns against Wall Street: Hoards silver, blocks gold, shorts U.S. dollarFinTech 3.0: Stablecoin OrbitCARF: The next step for crypto asset regulation in Hong KongTrend Research: The blockchain revolution continues to be bullish on EthereumDTCC is approved to provide custody asset tokenization services to accelerate the popularity of digital assetsLessons learned from Farcaster: The current entrance to Web3 is not social but walletDo Kwon jailed for 15 years, prosecutors call $40 billion Luna crash a fraudA brutal truth about leverage, AI and BitcoinHashKey IPO: Asset Custody Legal StructureFed’s Monetary Policy Turn: Liquidity Injections and Economic Outlook for 2026a16z: 17 Crypto Trend Predictions for 2026OCC confirms: Banks can provide crypto intermediary services directly to customersa16z “Big Ideas for 2026: Part Two”The Fed is “passive” – ​​analysis of the December FOMC meetingThe Fed still starts printing money and releasing moneyAccount abstract research report: ETH account system intergenerational transition and the pattern of the next five yearsWill the Fed restart QE?RMP is here and the market wants to relive the good memories of 2019The evolution of the Latin American stablecoin market: from survival to growthI don’t regret investing eight years of my life in the crypto industryFrom Fusaka to Based Rollup: How far away is ETH value capture?Bitcoin liquidity has been reshaped. What new indicators should we pay attention to in the market?FOMC decision: Cut interest rate by 0.25, RMP 40 billion per month, unlimited overnight repurchaseThe Federal Reserve cuts interest rates by 25 basis points at the end of the year, and the market is obviously volatile. Where will it go in the future?Will the U.S. credit rating drop again?“Let me sing a pigeon for everyone”——December FOMC Comments + Press Conference MinutesPowell has an overtone: a well-designed “blame-breaking” and farewellTranscript of the Federal Reserve’s interest rate meeting in December 2025: RMP is comingDubai and Abu Dhabi Crypto Policy and Regulatory DirectionHuobi HTX Molly: The combination of encryption technology and traditional finance requires a closed loop of valueWill tokenization be more influential than AI?Didi is already a digital banking giant in Latin AmericaCFTC’s Rising Crypto PowerSEC Chairman predicts that the US financial market will move to the chain. Who will be the biggest winner?Tokenized Stocks and the Rise of Solana Platform xStocksRWA is like the “Internet of 1996” at the moment, but it will eventually reshape the financial industryThe Fed’s interest rate cut is almost a foregone conclusion. This meeting is more like a political stress test.Five pictures will help you understand: Where does the market go in every policy storm?Bitwise CIO: 2026 will be very strong and ICO will make a comebackReasons for cutting interest rates by 50 basis points: Weak employment, cooling inflation and divergence in the FedHashKey launches IPO: How much is Hong Kong’s “first crypto stock” worth?How companies can implement Singapore’s AI Risk Management Guidelines
Wed. Dec 17th, 2025
Trending News: Ethereum Controversy: Is It a Cryptocurrency?Hashkey, which has been subscribed nearly 400 times, will inevitably break on the first day…Why has the United Arab Emirates, which started with oil, become a new hot spot for the crypto industry?A brief discussion on the concept of “pledge media”Bankless: Which blockchain will win in the RWA space?Starting point for compliance: clarifying the legal characterization of smart contracts in different scenariosXiao Feng: The old system and revolution in the encryption world, the new coordinates of HashKeyPantera: 2025 is the year of structural progress in the crypto marketFrom “Safe Harbor” to “Compliance Innovation”: Analysis of SEC Innovation Exemption PolicyTop 10 crypto narratives of 2025 and three predictions for next yearThe “financial panopticon” is not destined: SEC chairman wants to build a third wayHow cryptography can reshape trust and freedom for individuals, businesses and societyThe real impact of quantitative easing on cryptocurrenciesNon-farm payrolls are mixed, with the unemployment rate rising to a four-year high and expectations for an interest rate cut next year rising.Will all types of assets collectively rise again?One article to understand how Account Abstraction (AA) reconstructs the Web3 experienceLooking back to 2025: What progress has been made in global crypto regulatory policies?Web3 The Dilemma and Future of Chinese EntrepreneursBrother Maji’s leverage game: Where does the “endless” money come from?Coinbase: From regulated centralized exchange to on-chain Silicon ValleyThe Economist: Cryptocurrencies’ real threat to traditional banksEthereum 2026: Is ETH undervalued via MVRV indicator?The governance battle behind Aave DAO and Aave Labs’ power gameThe Bitcoin market faces a key test and three major signals are worth paying attention toTiger Research: Bitcoin miners are “investing” in artificial intelligenceBitwise 2026 Forecast: BTC will break the four-year cycle and hit new highsGrayscale: The crypto bull market will continue in 2026, with top ten investment themes for 2026Is DAT still useful in the bear market?Prediction markets are suddenly so popular. What can you do?Beware of data traps: The “incomplete version” of U.S. non-farm payrolls and CPI is about to hitContract Algorithm Sickle: Another Discussion on Liquidation: Another Analysis of HLP and ADL MechanismsWill non-farm payrolls save U.S. stocks on Tuesday?Morgan Stanley CEO: Weak employment may help stock market riseU.S. SEC Chairman’s Roundtable Speech: The Balance between Encryption Privacy and Financial RegulationWho is paying for $25 trillion in air?Stock Market Volatility and Market Outlook: The Rise of Precious Metals and Potential Turmoil in Equity MarketsVice President of the Bank for International Settlements: What is tokenization and how to tokenize?What is the investment logic of “brainless bull” Tom Lee?The money printing machine in the currency circle wants to acquire Juventus: the offensive and defensive battle between new and old money in EuropeWhy oil economy-related investors are driving BTC’s next wave of liquidityThe U.S. SEC teaches you step-by-step how to custody crypto assetsSome observations on Solana Breakpoint 2025x402 v2 further promotes the development of AI Agent economyThe copycat quarter index fell to a new low. Has the market really changed?Bitcoin’s next narrative is “interest-bearing digital gold”2026 Encryption Market Outlook: Embracing the “Web3 New Plutocrats” EraOCC approves bank’s ‘risk-free’ crypto trading, what’s nextA full analysis of the three prediction market paths: Why are investors rushing to grab them?Polymarket bets on OpenAI releasing new model, market questions insider tradingThe future of the US economy under inflationary fissionBankless: This cryptocurrency cycle ignores EthereumSEC Chairman Nine Discussions on AI and Encryption Innovation: Remember the Mission and Return to the Missionv2 version of x402Is time spent in the crypto industry a waste of life?Let’s talk about the V2 upgrade of x402 and share some key pointsDetailed explanation of the first crypto-asset stock in HK and the first person to try itWhy doesn’t Metaplanet, Asia’s largest Bitcoin treasury company, buy the dip?Interpretation of Fusaka Upgrade: The Beginning of Ethereum’s “Data Hegemony”?The x402 V2 version is here. What are the major upgrades of the new protocol?What are the highlights of x402 protocol V2 version?J.P. Morgan turns against Wall Street: Hoards silver, blocks gold, shorts U.S. dollarFinTech 3.0: Stablecoin OrbitCARF: The next step for crypto asset regulation in Hong KongTrend Research: The blockchain revolution continues to be bullish on EthereumDTCC is approved to provide custody asset tokenization services to accelerate the popularity of digital assetsLessons learned from Farcaster: The current entrance to Web3 is not social but walletDo Kwon jailed for 15 years, prosecutors call $40 billion Luna crash a fraudA brutal truth about leverage, AI and BitcoinHashKey IPO: Asset Custody Legal StructureFed’s Monetary Policy Turn: Liquidity Injections and Economic Outlook for 2026a16z: 17 Crypto Trend Predictions for 2026OCC confirms: Banks can provide crypto intermediary services directly to customersa16z “Big Ideas for 2026: Part Two”The Fed is “passive” – ​​analysis of the December FOMC meetingThe Fed still starts printing money and releasing moneyAccount abstract research report: ETH account system intergenerational transition and the pattern of the next five yearsWill the Fed restart QE?RMP is here and the market wants to relive the good memories of 2019The evolution of the Latin American stablecoin market: from survival to growthI don’t regret investing eight years of my life in the crypto industryFrom Fusaka to Based Rollup: How far away is ETH value capture?Bitcoin liquidity has been reshaped. What new indicators should we pay attention to in the market?FOMC decision: Cut interest rate by 0.25, RMP 40 billion per month, unlimited overnight repurchaseThe Federal Reserve cuts interest rates by 25 basis points at the end of the year, and the market is obviously volatile. Where will it go in the future?Will the U.S. credit rating drop again?“Let me sing a pigeon for everyone”——December FOMC Comments + Press Conference MinutesPowell has an overtone: a well-designed “blame-breaking” and farewellTranscript of the Federal Reserve’s interest rate meeting in December 2025: RMP is comingDubai and Abu Dhabi Crypto Policy and Regulatory DirectionHuobi HTX Molly: The combination of encryption technology and traditional finance requires a closed loop of valueWill tokenization be more influential than AI?Didi is already a digital banking giant in Latin AmericaCFTC’s Rising Crypto PowerSEC Chairman predicts that the US financial market will move to the chain. Who will be the biggest winner?Tokenized Stocks and the Rise of Solana Platform xStocksRWA is like the “Internet of 1996” at the moment, but it will eventually reshape the financial industryThe Fed’s interest rate cut is almost a foregone conclusion. This meeting is more like a political stress test.Five pictures will help you understand: Where does the market go in every policy storm?Bitwise CIO: 2026 will be very strong and ICO will make a comebackReasons for cutting interest rates by 50 basis points: Weak employment, cooling inflation and divergence in the FedHashKey launches IPO: How much is Hong Kong’s “first crypto stock” worth?How companies can implement Singapore’s AI Risk Management Guidelines
Wed. Dec 17th, 2025

SharkTeam: MIM_SMELL was analyzed by the principle of attack event

Source: Sharkteam

On January 30, 2024, MIM_Spell was attacked by Lightning Loan. Due to accuracy, the project party lost $ 6.5 million.

Sharkteam conducted a technical analysis of the incident as soon as possible and summarized the means of security precautions. I hope that subsequent projects can be regarded as precepts to build a security defense line in the blockchain industry.

1. Attack transaction analysis

Attack address:

0x87F585809CE79AE39A5FA0C7C96D0D159EB678C9

Attack contract:

0xe1091d17473B049CCCD65C54F71677DA85B77A45

0x13AF445F81B0DECA5DCB2BE6C691F545C95912

0xe59b54a9e37ab69F6E9312A9B3F7253EE184E5A

Being attacked contract:

0x7259e152103756e1616a77ae982353C3751A6A90

Attack transaction:

0x26a83db7e288838dd9fee6fb7314AE58DCC6AEE9A20BF224C386FF5E80F7E4CF2

0xdb4616B89AD82062787A4E924D520639791302476484B9A6ECA5126F79B6D8777

Attack process:

1. The attacker (0x87F58580) borrowed 300,000 MIM tokens through Lightning Loan.

2. Then send 2,40,000 MIM tokens to the attacked contract (0x7259E1520) for the next step to repay the borrowing of users.

3. The attacker (0x87F58580) then called the repayFrall function to repay the borrowing of other users, and then called the repay function to repay the borrowing of other users in order. The purpose is to reduce the Elastic variable to 0.

4. After the Elastic variables are reduced to 0, the attacker (0x87F58580) creates a new attack contract (0xe59b54a9) and continuously calls the calls of BORROW and the REPAY function until Elastic = 0, BASE = 1200801838188666666521504972888 End.

5. Subsequent attacker (0x87F58580) calls the Withdraw function of the BORROW function and Degenbox contract borrowed 5000047 MIM tokens.

6. The attacker (0x87F58580) returned the Lightning Loan function and converted 4400,000 MIM tokens to 1807 ETH, and this transaction made a profit of about 450W.

Second, vulnerability analysis

The essence of the attack is that the accuracy of the borrowing variable is calculated, so that the proportion of key variable Elastic and base values ​​is unbalanced, resulting in problems when calculating the number of mortgages and borrowings, and eventually borrowed MIM token.

The BORROW function and the repay function in the attacked contract (0x7259e1520) use the upward method to calculate the two variables of Elastic and Base.

The attacker (0x87F58580) first set the Elastic variables and base variables to 0 and 97 by repaying other user borrowing.

Subsequently, the BORROW function and the repay function are continuously called and the parameter amount is 1. When the BORROW function first calls the BORROW function, the above IF logic will be executed and returned to the ADD function when Elastic = 0.This will cause elastic = 1, base = 98.

The attacker (0x87F58580) then calls the BORROW function and passed into 1. Because Elastic = 1 will execute Else logic, the calculated return value is 98. When returning to the ADD function, elastic = 2, the base variable is 196.

But at this time the attacker (0x87F58580) called the repay function and passed into 1. Since Elastic = 2, the ELSE logic will be executed., Resulting in the calculated return value 1, so that when returning to the SUB function, the Elastic variable change back 1, and the base variable is 195.

It can be seen that after experiencing the BORROW-REPAY loop, the Elastic variables remain unchanged and the base variable is almost doubled. Using this vulnerability, the hacker frequently perform the BORROW-Re guay function loop, and finally call the repay again, and finally make elastic = 0 base =120080183810681886665215049728.

When the proportion between Elastic and Base variables is seriously imbalance, the attacker (0x87F58580) can be added with a little mortgage to borrow a large number of MIM tokens through the restrictions in the Solvent modifier.

3. Safety suggestion

In response to this attack, we should follow the following precautions during the development process:

1. When calculating the relevant logic of the development accuracy, carefully consider the accuracy and the whole situation.

2. Before the project is launched, a professional third -party audit team needs to conduct smart contract audits.

    • jakiro

    Related Posts

    The governance battle behind Aave DAO and Aave Labs’ power game
    The governance battle behind Aave DAO and Aave Labs’ power game

    Author: Chen Mo, source: X, @cmdefi The recent heated debate between Aave DAO vs Aave Labs and the dispute over governance rights at the protocol layer and product layer are…

    Continue reading
    2026 Encryption Market Outlook: Embracing the “Web3 New Plutocrats” Era
    2026 Encryption Market Outlook: Embracing the “Web3 New Plutocrats” Era

    Author: danny; Source: X, @agintender In 2023, the “Los Angeles Times” once again selected Indomie as the world’s best instant noodles.This quick-cooked food from Indonesia has not only conquered taste…

    Continue reading

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Investment Research

    Ethereum Controversy: Is It a Cryptocurrency?

    • By jakiro
    • December 17, 2025
    • 5 views
    Ethereum Controversy: Is It a Cryptocurrency?
    Investment Research

    Hashkey, which has been subscribed nearly 400 times, will inevitably break on the first day…

    • By jakiro
    • December 17, 2025
    • 2 views
    Hashkey, which has been subscribed nearly 400 times, will inevitably break on the first day…
    Policy

    Why has the United Arab Emirates, which started with oil, become a new hot spot for the crypto industry?

    • By jakiro
    • December 17, 2025
    • 2 views
    Why has the United Arab Emirates, which started with oil, become a new hot spot for the crypto industry?
    Investment Research

    A brief discussion on the concept of “pledge media”

    • By jakiro
    • December 17, 2025
    • 3 views
    A brief discussion on the concept of “pledge media”
    Investment Research

    Bankless: Which blockchain will win in the RWA space?

    • By jakiro
    • December 17, 2025
    • 3 views
    Bankless: Which blockchain will win in the RWA space?
    Investment Research

    Starting point for compliance: clarifying the legal characterization of smart contracts in different scenarios

    • By jakiro
    • December 17, 2025
    • 3 views
    Starting point for compliance: clarifying the legal characterization of smart contracts in different scenarios
    Home
    News
    School
    Search