Zodiac Releases Security Incident Post-Mortem: ERC-1271 Verification Flaw Allowed Attackers to Bypass Module Authentication

2026-06-20 08:19

Odaily reports that the Zodiac team has published an analysis report on the security incident affecting the Zodiac Roles Modifier. The report attributes the vulnerability to a flaw in the ERC-1271 transaction signature verification logic: the system determined the validity of a signature based only on the returned "magic value", without verifying whether the call itself was successful. This could potentially allow a failed verification to be disguised as a valid signature and bypass the module authentication mechanism.

Zodiac clarified that this vulnerability can only be exploited under specific configurations; EOA role members and other deployments that do not use the related module are unaffected. Affected users have been notified, and self-service detection and remediation tools have been launched. Asset recovery is underway in collaboration with white-hat teams, with over 99% of at-risk funds already secured. The relevant contracts have been repaired and have passed independent audits, and services have been restored to normal.