Techub News reports that GoPlus has published an analysis of how the decentralized options protocol Ribbon Finance was attacked. The attacker address (0x657CDE) upgraded the price proxy contract (0xa4ac_Proxy) to a malicious implementation contract (0xE1f09d), then set the expiration times and expiration prices for four tokens: stETH, Aave, PAXG and LINK. After expiration, the attacker launched the attack, profiting from the erroneous prices at that time. It is noteworthy that when the project team's contract was created, the _transferOwnership state value of the attacker address was already set to true, allowing it to pass the contract's security checks. The analysis indicates that this address may originally have been one of the project team's management addresses, which was later taken over by hackers through social engineering and other means and then used to carry out this attack.
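The sequence described above (an implementation upgrade on the price proxy, followed by the same address writing expiry prices for several assets) can be turned into a monitoring rule. The following is an added example, not code from GoPlus or Ribbon Finance: the event record format, the kind labels "upgrade" and "set_expiry_price", the time window and the timestamps are assumptions, and the addresses are the shortened labels from the article.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int        # block timestamp in seconds
    sender: str    # address that sent the transaction
    contract: str  # contract the call reached (the proxy)
    kind: str      # hypothetical labels: "upgrade" or "set_expiry_price"
    detail: str    # new implementation address, or the asset symbol

def find_upgrade_then_price_writes(events, window=3600, min_assets=2):
    """Alert when a proxy upgrade is followed, within `window` seconds, by
    expiry-price writes for at least `min_assets` assets made through the
    same proxy by the same sender."""
    ordered = sorted(events, key=lambda e: e.ts)
    alerts = []
    for up in (e for e in ordered if e.kind == "upgrade"):
        assets = sorted({
            e.detail for e in ordered
            if e.kind == "set_expiry_price"
            and e.contract == up.contract
            and e.sender == up.sender
            and up.ts < e.ts <= up.ts + window
        })
        if len(assets) >= min_assets:
            alerts.append({"proxy": up.contract, "sender": up.sender,
                           "new_impl": up.detail, "assets": assets})
    return alerts

# Constructed sample data: timestamps are invented, addresses are the
# shortened labels used in the article, "0xOTHER" is a placeholder.
SAMPLE = [
    Event(1000, "0x657CDE", "0xa4ac_Proxy", "upgrade", "0xE1f09d"),
    Event(1060, "0x657CDE", "0xa4ac_Proxy", "set_expiry_price", "stETH"),
    Event(1120, "0x657CDE", "0xa4ac_Proxy", "set_expiry_price", "Aave"),
    Event(1180, "0x657CDE", "0xa4ac_Proxy", "set_expiry_price", "PAXG"),
    Event(1240, "0x657CDE", "0xa4ac_Proxy", "set_expiry_price", "LINK"),
    # Outside the window and from another sender: not part of the alert.
    Event(9000, "0xOTHER", "0xa4ac_Proxy", "set_expiry_price", "LINK"),
]

if __name__ == "__main__":
    for alert in find_upgrade_then_price_writes(SAMPLE):
        print(alert)
```

Because the article notes that the address already passed the contract's own ownership checks, a rule like this has to run outside the contract, for example in an off-chain monitor that can page the team or pause settlement.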



