Rubic is a DEX aggregator that operates across many chains. Users can trade native tokens through the routerCallNative function of the RubicProxy contract. Before performing the swap, the function checks whether the target Router supplied by the user is on the protocol's whitelist.
Monitoring by PeckShield revealed that the multi-chain exchange protocol had been compromised, resulting in a loss of more than 1.4 million US dollars. The attacker transferred 1,100 ETH into the Tornado Cash mixing protocol.
After analyzing the theft, the SlowMist security team concluded that the root cause of the attack was that the protocol had mistakenly added the USDC token to the Router whitelist. This allowed USDC to be stolen from users who had granted an approval to the RubicProxy contract.
The user-supplied target Router is called only after the whitelist check passes, and the data used for the call is also supplied by the user. Unfortunately, the USDC token had also been added to the Router whitelist of the Rubic protocol, which allows any user to make arbitrary calls to the USDC token contract through the RubicProxy contract.
As a result, a malicious user can call the USDC contract through the routerCallNative function and use the transferFrom interface to move USDC from users who have approved the RubicProxy contract to the malicious user's own account.
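The whitelist flaw described above, reduced to a small Python model (an added illustration, not Rubic's contract code). The addresses, amounts and the `hardened` checks (refusing token contracts as call targets and refusing ERC-20 selectors in forwarded calldata) are assumptions made for the example.

```python
# Added illustration: a toy model of the whitelist check, not Rubic's contract code.
# Addresses are small constructed integers; the "hardened" checks are assumptions.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)
ERC20_SELECTORS = {TRANSFER_FROM, bytes.fromhex("a9059cbb"),  # + transfer(address,uint256)
                   bytes.fromhex("095ea7b3")}                  # + approve(address,uint256)

class Token:
    """Minimal ERC-20 model: balances plus (owner, spender) allowances."""
    def __init__(self, balances, allowances):
        self.balances, self.allowances = dict(balances), dict(allowances)

    def call(self, msg_sender, calldata):
        # Only transferFrom is modelled; its arguments are three 32-byte ABI words.
        if calldata[:4] != TRANSFER_FROM:
            raise ValueError("unsupported selector")
        owner, to, amount = (int.from_bytes(calldata[i:i + 32], "big") for i in (4, 36, 68))
        if min(self.allowances.get((owner, msg_sender), 0),
               self.balances.get(owner, 0)) < amount:
            raise PermissionError("allowance or balance too low")
        self.allowances[(owner, msg_sender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Proxy:
    """Forwards caller-supplied calldata to a whitelisted target, as itself."""
    def __init__(self, address, whitelist, contracts, hardened):
        self.address, self.whitelist = address, set(whitelist)
        self.contracts, self.hardened = contracts, hardened

    def router_call(self, target, calldata):
        if target not in self.whitelist:
            raise PermissionError("target not whitelisted")
        if self.hardened and (isinstance(self.contracts[target], Token)
                              or calldata[:4] in ERC20_SELECTORS):
            raise PermissionError("token target or ERC-20 selector refused")
        # The target sees the proxy as msg.sender, so approvals given to the proxy apply.
        self.contracts[target].call(self.address, calldata)

def remaining_balance(hardened):
    """Constructed case: USER approved PROXY, and USDC sits on the whitelist."""
    PROXY, USDC, USER, OTHER = 0x99, 0x05, 0xA1, 0xB2
    usdc = Token({USER: 1000}, {(USER, PROXY): 1000})
    proxy = Proxy(PROXY, {USDC}, {USDC: usdc}, hardened)
    data = TRANSFER_FROM + b"".join(x.to_bytes(32, "big") for x in (USER, OTHER, 1000))
    try:
        proxy.router_call(USDC, data)  # submitted by OTHER, who holds no approval
    except PermissionError:
        pass
    return usdc.balances[USER]
```

The whitelist check passes in both runs; only the extra target and selector checks keep the approver's balance intact.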
Chubbi
Coincu News