价值超50万美元，白帽团队从Flooring Protocol救出66枚NFT

Odaily Odaily reports that Solidity security researcher Quit disclosed details of the Flooring Protocol vulnerability, stating that the attacker exploited a flaw in the ownership verification logic of the BT404-style accounting ledger to create a "ghost ownership" state. This was combined with multiple integer underflow vulnerabilities to obtain an unlimited fpToken balance, ultimately selling off tokens and draining the protocol's liquidity.

Quit stated that after discovering another attack vector that could affect more liquidity pools, he and several other security researchers launched a white hat rescue operation, transferring assets from the vulnerable Flooring Protocol pools. Ultimately, 66 NFTs were rescued, including 29 BAYC, 4 MAYC, 2 CryptoPunks, 1 Azuki, 2 Elementals, 26 Captains, 1 Moonbird, 2 Doodles, and 1 BAKC, with a total value exceeding $500,000.

Quit warned users not to deposit any more NFTs into Flooring Protocol and stated that the relevant NFTs will be returned to their legitimate holders within the coming weeks.