Trending News: Meme Coin did not destroy this cycle, but accelerated the maturity of the industryBankless: Vitalik’s virtual machine proposalBankless: What are the decentralized content creation platforms worth paying attention to?Can Ethereum regain its strength?Three key problemsTrump tariffs: a unilateral blackmailWikiLeaks, Google and Bitcoin: What challenges does BTC face in 2011?The dollar credit was cut in the middle, and gold soaredChuan Diudu Can you fire Boss Bao?VIRTUAL’s investment valueOn the “Pattern” of Digital City-StateAfter the tariff war: How global capital rebalancing will affect BitcoinEthereum’s crossroads: a strategic breakthrough in reconstructing the L2 ecosystemEthereum is brewing a deep technological change led by ZK technologyBTC 2025 Q3 Outlook: When will the crypto market top again?Is Base “stealing” Ethereum’s GDP?Vitalik’s new proposal: RISC-V as the virtual machine language for EVM smart contractsCoinbase: What events are affecting the current crypto market?Historic Trend: Bitcoin is Being a Safe-Habiting AssetWhat makes cryptocurrency rug pull events happen frequently?Wintermute Ventures: Why do we invest in Euler?Can Trump fire Powell?What economic risks will it bring?Glassnode: Are we experiencing a bull-bear transition?The Post Web Accelerator’s first batch of 8 selected projectsWhich one is more “just” between Nubit, Babylon and Bitlayer?Golden Encyclopedia | How did the trade war affect stocks and crypto markets?Golden Encyclopedia | Is BTC a safe haven during the trade war?Why Americans Want to Leave the United States: Economic, Political and Global ChangesData: BTC mining is highly centralized, and six major mining pools mine more than 95% of the blocksWhat is the core of the game between China and the United States caused by Trump’s tariff war?How to go to the marketWhy does blockchain die?What challenges does blockchain adoption face?Report: DeFi lending has increased by 959% since 2022 to $19.1 billionBitwise: Bitcoin’s extraordinary resilienceBankless: Can Bitcoin flourish on the chain?Coingecko: How wide is the adoption of encryption AI in 2025?Coingecko: How trust is people in AI agent KOLsHow much impact does Trump’s overturning IRS rules have on the crypto field?What is a bear market attack?How whales use them to make money in crypto tradingDeepSeek accelerates web3 transformation and changes corporate value and risk management modelsThis is the truth Trump is being stabbed by Japanese institutionsInterpretation of SEAL: Sui’s decentralized key management solutionWho made Trump change his mindTrump’s 180-degree turn What happened in the 18 hours of changing the global marketReciprocal tariffs are suspended, crypto markets are surging, and only China is in troubleQuick view of Binance HODLer Phase 14 Airdrop Project Babylon (BABY)US Senator: What status should Bitcoin have in the United States?Coingecko: Which listed companies are major BTC holders?Sei Lianchuang: Expanding EVM requires L1 instead of L2The full text of the latest speech by Trump’s think tank: The essence of the United States’ “reciprocal tariffs”Vitalik’s latest speech: Why speed up L2 confirmation?How to speed upEthereum Pectra Upgrade: Is it a milestone or another gimmick?CZ Fireside Dialogue: HODL Strategy Challenges, Survival Rules under Market VolatilityStablecoin earnings guideMusk openly criticizes the tariff faction and calls for Europe and the United States to establish a free trade zone with zero tariffsEmily Parker: 2025 Web3 trends int and US and AsiaEmily Parker: How to bridge the Web3 assets and traditional capitalGMGN Co-founder Haze’s speechXiao Feng Hong Kong’s latest speech: Why is it said that public chains are a new generation of financial infrastructureSolana Lily’s speechBitcoin will benefit from the ebb of the US dollar reserve system and the global de-dollarization trendFrom traditional replication to innovation Can Backpack seize the future?Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortalityEthereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?Coingecko: How do investors view the potential of crypto AI technology?Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast marketThe latest updates from ETH and Solana: What are the things to pay attention to?Golden Encyclopedia | What is address poisoning attack? How to avoid it?Quick view of Binance HODLer’s latest airdrop project Particle NetworkWill Celestia pose a threat to Ethereum?Ethereum supply tightening: a prelude to a price rebound or a temporary fog?BSC Meme’s popularity remains unabated for a week. Can it really work this time?Galaxy: The Twilight Road to Web3 GamesEthereum declines, PVP prevails, misses the summer of 2020Why invest in AR?How Bitcoin Takes Over Wall StreetThe lively thrill of CZ and MEME BNB Chain is in progressPoW mining does not constitute securities issuance. No registration is required. See what the US SEC said.PumpFun fills up the Swap puzzle, the first encrypted dApp outline appearsTrump: The United States will dominate cryptocurrencies and next-generation financial technologyWhy are North Korean hackers so good at stealing cryptocurrencies?Why can BSC successfully replicate the Solana Ecological Meme miracle?Hacker storm resurfaces: OKX suspends DEX, Binance winsAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraEthereum price falls into a “cursed” downward trend and may continue throughout the yearStrategic Reserves and Game of Thrones II: The Encrypted Order in the Trump AgeRAY rose by more than 22% in 24 hours: Raydium LaunchLab In-depth Research ReportPectra upgrade countdown Vitalik explains the “Wallet Security” strategy in detailIt turns out that this is how BSC gets rich by beating dogsThe Middle East is coming, and the Golden Dogs are constantly on the BSC chainMubarak soared by 1300 times CZ has added several more A8 players to BSCBankless: What are native Rollups?Bitwise: Why is it said that the tariff war triggered a sharp pullback in BTC is a buying opportunityBTC pullback nearly 30% When will institutional funds returnEthereum Don’t let newcomers downThe narrative of altcoin ETF is not working?Time of liquidity ebb: Who is protecting the Tower of Babel of Ethereum?The next major upgrade to Bitcoin?Evaluation of OP_CAT and OP_CTVMake encryption great again Trump helps Wall StreetThe latest speech by former vice president of the central bank: The rise and challenge of cryptocurrenciesBitcoin’s crossroads: Bear or new highs, where will the market go
Wed. Apr 23rd, 2025
Trending News: Meme Coin did not destroy this cycle, but accelerated the maturity of the industryBankless: Vitalik’s virtual machine proposalBankless: What are the decentralized content creation platforms worth paying attention to?Can Ethereum regain its strength?Three key problemsTrump tariffs: a unilateral blackmailWikiLeaks, Google and Bitcoin: What challenges does BTC face in 2011?The dollar credit was cut in the middle, and gold soaredChuan Diudu Can you fire Boss Bao?VIRTUAL’s investment valueOn the “Pattern” of Digital City-StateAfter the tariff war: How global capital rebalancing will affect BitcoinEthereum’s crossroads: a strategic breakthrough in reconstructing the L2 ecosystemEthereum is brewing a deep technological change led by ZK technologyBTC 2025 Q3 Outlook: When will the crypto market top again?Is Base “stealing” Ethereum’s GDP?Vitalik’s new proposal: RISC-V as the virtual machine language for EVM smart contractsCoinbase: What events are affecting the current crypto market?Historic Trend: Bitcoin is Being a Safe-Habiting AssetWhat makes cryptocurrency rug pull events happen frequently?Wintermute Ventures: Why do we invest in Euler?Can Trump fire Powell?What economic risks will it bring?Glassnode: Are we experiencing a bull-bear transition?The Post Web Accelerator’s first batch of 8 selected projectsWhich one is more “just” between Nubit, Babylon and Bitlayer?Golden Encyclopedia | How did the trade war affect stocks and crypto markets?Golden Encyclopedia | Is BTC a safe haven during the trade war?Why Americans Want to Leave the United States: Economic, Political and Global ChangesData: BTC mining is highly centralized, and six major mining pools mine more than 95% of the blocksWhat is the core of the game between China and the United States caused by Trump’s tariff war?How to go to the marketWhy does blockchain die?What challenges does blockchain adoption face?Report: DeFi lending has increased by 959% since 2022 to $19.1 billionBitwise: Bitcoin’s extraordinary resilienceBankless: Can Bitcoin flourish on the chain?Coingecko: How wide is the adoption of encryption AI in 2025?Coingecko: How trust is people in AI agent KOLsHow much impact does Trump’s overturning IRS rules have on the crypto field?What is a bear market attack?How whales use them to make money in crypto tradingDeepSeek accelerates web3 transformation and changes corporate value and risk management modelsThis is the truth Trump is being stabbed by Japanese institutionsInterpretation of SEAL: Sui’s decentralized key management solutionWho made Trump change his mindTrump’s 180-degree turn What happened in the 18 hours of changing the global marketReciprocal tariffs are suspended, crypto markets are surging, and only China is in troubleQuick view of Binance HODLer Phase 14 Airdrop Project Babylon (BABY)US Senator: What status should Bitcoin have in the United States?Coingecko: Which listed companies are major BTC holders?Sei Lianchuang: Expanding EVM requires L1 instead of L2The full text of the latest speech by Trump’s think tank: The essence of the United States’ “reciprocal tariffs”Vitalik’s latest speech: Why speed up L2 confirmation?How to speed upEthereum Pectra Upgrade: Is it a milestone or another gimmick?CZ Fireside Dialogue: HODL Strategy Challenges, Survival Rules under Market VolatilityStablecoin earnings guideMusk openly criticizes the tariff faction and calls for Europe and the United States to establish a free trade zone with zero tariffsEmily Parker: 2025 Web3 trends int and US and AsiaEmily Parker: How to bridge the Web3 assets and traditional capitalGMGN Co-founder Haze’s speechXiao Feng Hong Kong’s latest speech: Why is it said that public chains are a new generation of financial infrastructureSolana Lily’s speechBitcoin will benefit from the ebb of the US dollar reserve system and the global de-dollarization trendFrom traditional replication to innovation Can Backpack seize the future?Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortalityEthereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?Coingecko: How do investors view the potential of crypto AI technology?Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast marketThe latest updates from ETH and Solana: What are the things to pay attention to?Golden Encyclopedia | What is address poisoning attack? How to avoid it?Quick view of Binance HODLer’s latest airdrop project Particle NetworkWill Celestia pose a threat to Ethereum?Ethereum supply tightening: a prelude to a price rebound or a temporary fog?BSC Meme’s popularity remains unabated for a week. Can it really work this time?Galaxy: The Twilight Road to Web3 GamesEthereum declines, PVP prevails, misses the summer of 2020Why invest in AR?How Bitcoin Takes Over Wall StreetThe lively thrill of CZ and MEME BNB Chain is in progressPoW mining does not constitute securities issuance. No registration is required. See what the US SEC said.PumpFun fills up the Swap puzzle, the first encrypted dApp outline appearsTrump: The United States will dominate cryptocurrencies and next-generation financial technologyWhy are North Korean hackers so good at stealing cryptocurrencies?Why can BSC successfully replicate the Solana Ecological Meme miracle?Hacker storm resurfaces: OKX suspends DEX, Binance winsAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraEthereum price falls into a “cursed” downward trend and may continue throughout the yearStrategic Reserves and Game of Thrones II: The Encrypted Order in the Trump AgeRAY rose by more than 22% in 24 hours: Raydium LaunchLab In-depth Research ReportPectra upgrade countdown Vitalik explains the “Wallet Security” strategy in detailIt turns out that this is how BSC gets rich by beating dogsThe Middle East is coming, and the Golden Dogs are constantly on the BSC chainMubarak soared by 1300 times CZ has added several more A8 players to BSCBankless: What are native Rollups?Bitwise: Why is it said that the tariff war triggered a sharp pullback in BTC is a buying opportunityBTC pullback nearly 30% When will institutional funds returnEthereum Don’t let newcomers downThe narrative of altcoin ETF is not working?Time of liquidity ebb: Who is protecting the Tower of Babel of Ethereum?The next major upgrade to Bitcoin?Evaluation of OP_CAT and OP_CTVMake encryption great again Trump helps Wall StreetThe latest speech by former vice president of the central bank: The rise and challenge of cryptocurrenciesBitcoin’s crossroads: Bear or new highs, where will the market go
Wed. Apr 23rd, 2025

SharkTeam: MIM_SMELL was analyzed by the principle of attack event

Source: Sharkteam

On January 30, 2024, MIM_Spell was attacked by Lightning Loan. Due to accuracy, the project party lost $ 6.5 million.

Sharkteam conducted a technical analysis of the incident as soon as possible and summarized the means of security precautions. I hope that subsequent projects can be regarded as precepts to build a security defense line in the blockchain industry.

1. Attack transaction analysis

Attack address:

0x87F585809CE79AE39A5FA0C7C96D0D159EB678C9

Attack contract:

0xe1091d17473B049CCCD65C54F71677DA85B77A45

0x13AF445F81B0DECA5DCB2BE6C691F545C95912

0xe59b54a9e37ab69F6E9312A9B3F7253EE184E5A

Being attacked contract:

0x7259e152103756e1616a77ae982353C3751A6A90

Attack transaction:

0x26a83db7e288838dd9fee6fb7314AE58DCC6AEE9A20BF224C386FF5E80F7E4CF2

0xdb4616B89AD82062787A4E924D520639791302476484B9A6ECA5126F79B6D8777

Attack process:

1. The attacker (0x87F58580) borrowed 300,000 MIM tokens through Lightning Loan.

2. Then send 2,40,000 MIM tokens to the attacked contract (0x7259E1520) for the next step to repay the borrowing of users.

3. The attacker (0x87F58580) then called the repayFrall function to repay the borrowing of other users, and then called the repay function to repay the borrowing of other users in order. The purpose is to reduce the Elastic variable to 0.

4. After the Elastic variables are reduced to 0, the attacker (0x87F58580) creates a new attack contract (0xe59b54a9) and continuously calls the calls of BORROW and the REPAY function until Elastic = 0, BASE = 1200801838188666666521504972888 End.

5. Subsequent attacker (0x87F58580) calls the Withdraw function of the BORROW function and Degenbox contract borrowed 5000047 MIM tokens.

6. The attacker (0x87F58580) returned the Lightning Loan function and converted 4400,000 MIM tokens to 1807 ETH, and this transaction made a profit of about 450W.

Second, vulnerability analysis

The essence of the attack is that the accuracy of the borrowing variable is calculated, so that the proportion of key variable Elastic and base values ​​is unbalanced, resulting in problems when calculating the number of mortgages and borrowings, and eventually borrowed MIM token.

The BORROW function and the repay function in the attacked contract (0x7259e1520) use the upward method to calculate the two variables of Elastic and Base.

The attacker (0x87F58580) first set the Elastic variables and base variables to 0 and 97 by repaying other user borrowing.

Subsequently, the BORROW function and the repay function are continuously called and the parameter amount is 1. When the BORROW function first calls the BORROW function, the above IF logic will be executed and returned to the ADD function when Elastic = 0.This will cause elastic = 1, base = 98.

The attacker (0x87F58580) then calls the BORROW function and passed into 1. Because Elastic = 1 will execute Else logic, the calculated return value is 98. When returning to the ADD function, elastic = 2, the base variable is 196.

But at this time the attacker (0x87F58580) called the repay function and passed into 1. Since Elastic = 2, the ELSE logic will be executed., Resulting in the calculated return value 1, so that when returning to the SUB function, the Elastic variable change back 1, and the base variable is 195.

It can be seen that after experiencing the BORROW-REPAY loop, the Elastic variables remain unchanged and the base variable is almost doubled. Using this vulnerability, the hacker frequently perform the BORROW-Re guay function loop, and finally call the repay again, and finally make elastic = 0 base =120080183810681886665215049728.

When the proportion between Elastic and Base variables is seriously imbalance, the attacker (0x87F58580) can be added with a little mortgage to borrow a large number of MIM tokens through the restrictions in the Solvent modifier.

3. Safety suggestion

In response to this attack, we should follow the following precautions during the development process:

1. When calculating the relevant logic of the development accuracy, carefully consider the accuracy and the whole situation.

2. Before the project is launched, a professional third -party audit team needs to conduct smart contract audits.

    • jakiro

    Related Posts

    Bankless: What are the decentralized content creation platforms worth paying attention to?
    Bankless: What are the decentralized content creation platforms worth paying attention to?

    Author: William M. Peaster, Bankless; compiled by: Tao Zhu, Bitchain Vision I have been writing in the field of crypto since 2017.Since then, I have turned writing into a career…

    Continue reading
    VIRTUAL’s investment value
    VIRTUAL’s investment value

    Source: Daoshuo Blockchain AI agents are a track I am very optimistic about in this round of market.Although the entire track is now silent for various reasons, there are still…

    Continue reading

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Meme

    Meme Coin did not destroy this cycle, but accelerated the maturity of the industry

    • By jakiro
    • April 22, 2025
    • 8 views
    Meme Coin did not destroy this cycle, but accelerated the maturity of the industry
    Ethereum

    Bankless: Vitalik’s virtual machine proposal

    • By jakiro
    • April 22, 2025
    • 7 views
    Bankless: Vitalik’s virtual machine proposal
    Project

    Bankless: What are the decentralized content creation platforms worth paying attention to?

    • By jakiro
    • April 22, 2025
    • 10 views
    Bankless: What are the decentralized content creation platforms worth paying attention to?
    Ethereum

    Can Ethereum regain its strength?Three key problems

    • By jakiro
    • April 22, 2025
    • 20 views
    Can Ethereum regain its strength?Three key problems
    People

    Trump tariffs: a unilateral blackmail

    • By jakiro
    • April 22, 2025
    • 9 views
    Trump tariffs: a unilateral blackmail
    People

    WikiLeaks, Google and Bitcoin: What challenges does BTC face in 2011?

    • By jakiro
    • April 22, 2025
    • 9 views
    WikiLeaks, Google and Bitcoin: What challenges does BTC face in 2011?
    Home
    News
    School
    Search