Analysis of the attack on the WooPPV2 contract project on the Arbitrum chain

Source: Beosin

Late at night on March 5, 2024 (Beijing time), the Beosin Trace platform detected that the WooPPV2 contract project on the Arbitrum chain had suffered a price manipulation attack, causing a loss of about $8.5 million. The attacker used a flash loan to borrow USDC.e and WOO tokens and then repeatedly swapped the tokens through the WooPPV2 contract. Because of a flaw in the WooPPV2 contract's price calculation, the attacker was able to manipulate the price during the swaps, and a large number of WOO tokens were stolen. The Beosin security team analyzed the incident immediately.

Vulnerability analysis

The WooPPV2 contract has a swap function that users call to exchange tokens. Here this is mainly the exchange between USDC.e and WOO (the analysis below follows that pair); in the function, the quoteToken variable represents USDC.e.

The _sellQuote function follows the same logic as _sellBase: both compute the amount of tokens to pay out from the price and then send those tokens to the caller. _sellQuote is the function called when the caller swaps USDC.e for WOO. Its main components are the state struct, which holds the saved WOO price, and the _calcBaseAmountSellQuote function, which calculates the output amount and the new price.

Next, look at the logic of _calcBaseAmountSellQuote. baseAmount is the calculated output of the swap: the main logic is simply the amount of USDC.e divided by the price of WOO, which gives the number of WOO received. The function also computes the new price after the swap.

_sellBase mirrors _sellQuote, but _calcQuoteAmountSellBase differs slightly: its main logic multiplies the amount of WOO by the price of WOO to obtain the amount of USDC.e received.

Looking at this swap logic, a problem emerges: the output amount is not computed with the constant-product model of a traditional swap such as Uniswap. Instead it is computed directly from the price, so there is no slippage within a single swap; the price only changes after the swap. A caller who plans the trades carefully can therefore extract tokens from the pool.

For example:

Suppose the pool holds 1,000 A tokens and 1,000 B tokens and the price of B is 1. Swapping 500 A then yields 500 B, the pool becomes 1,500 : 500, and the price of B rises, say to 2. Swapping the 500 B just received back then yields 1,000 A, the pool ends up at 500 : 1,000, and 500 A tokens have been conjured out of thin air.
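The round trip in the example above, as an added simulation that is not code from the WooPPV2 contract or from Beosin: a pool that fills each trade at one fixed price and reprices only afterwards is compared with a constant-product pool. The post-trade repricing rule (price follows the reserve ratio) is an assumption made for this demonstration, so the numbers differ from the text's example where the price becomes 2; the outcome is the same, the fixed-price pool pays out extra tokens on a round trip while the constant-product pool returns exactly the input.

```python
from dataclasses import dataclass

@dataclass
class LinearPricePool:
    """Pricing model described above: a trade fills wholly at the starting price."""
    quote: float  # reserve of token A (quote token, e.g. USDC.e)
    base: float   # reserve of token B (base token, e.g. WOO)
    price: float  # price of one B in A, constant for the whole trade

    def sell_quote(self, quote_in: float) -> float:
        # Pay A, receive B: base_out = quote_in / price (cf. _calcBaseAmountSellQuote).
        base_out = quote_in / self.price
        if base_out > self.base:
            raise ValueError("insufficient B reserve")
        self.quote, self.base = self.quote + quote_in, self.base - base_out
        self.price = self.quote / self.base  # assumed post-trade repricing rule
        return base_out

    def sell_base(self, base_in: float) -> float:
        # Pay B, receive A: quote_out = base_in * price (cf. _calcQuoteAmountSellBase).
        quote_out = base_in * self.price
        if quote_out > self.quote:
            raise ValueError("insufficient A reserve")
        self.base, self.quote = self.base + base_in, self.quote - quote_out
        self.price = self.quote / self.base  # assumed post-trade repricing rule
        return quote_out

@dataclass
class ConstantProductPool:
    """Uniswap-style x*y=k pool: the price moves continuously during the trade."""
    quote: float
    base: float

    def sell_quote(self, quote_in: float) -> float:
        k, self.quote = self.quote * self.base, self.quote + quote_in
        base_out, self.base = self.base - k / self.quote, k / self.quote
        return base_out

    def sell_base(self, base_in: float) -> float:
        k, self.base = self.quote * self.base, self.base + base_in
        quote_out, self.quote = self.quote - k / self.base, k / self.base
        return quote_out

def round_trip_profit(pool, quote_in: float) -> float:
    """Swap A -> B, then all received B back -> A; return the trader's net gain in A."""
    return pool.sell_base(pool.sell_quote(quote_in)) - quote_in

linear_gain = round_trip_profit(LinearPricePool(quote=1000, base=1000, price=1.0), 500)
cp_gain = round_trip_profit(ConstantProductPool(quote=1000, base=1000), 500)
```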

The attacker exploited exactly this flaw in this incident. Let's look at how the attack was carried out.

Attack process

The attacker repeated the same method many times; the transaction 0xe80A16678B5008D5BE1484EC6EC6E77DC6307632030553405863FFB38C1F94266 is used here as an example.

1. The attacker borrowed more than 10 million USDC.e and 2.72 million WOO tokens through a flash loan.

2. Next, in three swaps, the attacker exchanged 100,000 USDC.e for WOO. At this point the price of WOO was still normal. The attacker now held more than 8 million WOO.

3. The attacker then swapped the more than 8 million WOO for USDC.e directly. Because of the problem described above, these 8 million-plus WOO, swapped at this point at the normal price, returned only a little over 2,000 USDC.e, and the price computed for WOO was now 7, a reduction of nearly ten million times.

4. Finally, because the price of WOO was now tiny, the attacker used a very small amount of USDC.e to buy back more than 8 million WOO, repaid the flash loan and left.

Fund tracking

After the attack, the attacker moved 200 ETH to an address on the Ethereum chain through a cross-chain bridge; the remaining 2,000 ETH stayed at the address on the Arbitrum chain. As of the time of writing, the funds had not been moved.

This price manipulation attack on the Arbitrum chain is a reminder of how seriously security risks in the virtual asset space must be taken.
