MetaTrust: Earning.Farm was attacked due to a logical issue in the "withdraw" function of the contract.
AgentLayer
Invited columnist
2023-08-10 09:59
Earning.Farm has been attacked due to contract logic issues, resulting in a loss of approximately 288 $ETH.

According to the MetaTrust Alert tweet, the project Earning.Farm deployed on Ethereum has been attacked. As of now, the loss from the attack amounts to approximately 288 $ETH, worth $536,000. All tokens have been moved to a new wallet (0xee4b3d).

The root cause of this vulnerability is a logic issue in the "withdraw" function of the "EFVault" contract. When the caller's "ENF_ETHLEV" balance is less than the expected amount, the function burns only that balance.

Attack Steps

1/ The attacker obtained 10,000 ETH from flash loans, deposited 80 ETH into the "ENF_ETHLEV" contract, and received 295e18 shares.

2/ The attacker withdrew 295e18 shares from the "ENF_ETHLEV" contract by calling the "withdraw" function. The "withdraw" function then triggered the "withdraw" function of the external contract "controller", which invoked the fallback function of the attacker's contract.

3/ In the fallback function, the attacker transferred (295e18 - 1000) "ENF_ETHLEV" tokens to a new wallet, 0xfd29f2. As a result, the attacker burned only 1000 "ENF_ETHLEV" tokens.

4/ The attacker converted the "ENF_ETHLEV" tokens in wallet 0xfd29f2 into ETH, repaid the flash loan, and made a profit.

One of the attack transactions: https://etherscan.io/tx/0x878d8986ed05ab32cc01e05663d27ea471576d2baff1081b15ed5fb550f9d81b

Reference tweet: https://twitter.com/MetaTrustAlert/status/1689196222048030721?s=20
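The accounting flaw described above, as an added example that is not part of the original article and is not the EFVault source: a simplified Python model comparing a withdraw that makes the external call first and then caps the burn to the caller's current balance with one that burns the requested shares before the call. The names `Vault`, `run`, `on_payout` (standing in for the external "controller" call) and the holder labels are assumptions made for illustration.

```python
# Simplified share-accounting model (constructed; not the EFVault contract code).
class Vault:
    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}       # holder -> share balance
        self.total_supply = 0

    def mint(self, holder, shares):
        self.balances[holder] = self.balances.get(holder, 0) + shares
        self.total_supply += shares

    def transfer(self, src, dst, shares):
        if self.balances.get(src, 0) < shares:
            raise ValueError("insufficient shares")
        self.balances[src] -= shares
        self.balances[dst] = self.balances.get(dst, 0) + shares

    def _burn(self, holder, shares):
        if self.balances.get(holder, 0) < shares:
            raise ValueError("burn exceeds balance")
        self.balances[holder] -= shares
        self.total_supply -= shares

    def withdraw(self, caller, shares, on_payout):
        """Redeem `shares`; `on_payout` models the external call that hands
        control to the receiver before withdraw() returns."""
        if self.hardened:
            self._burn(caller, shares)   # effects first, interaction second
            on_payout()
            return shares
        on_payout()                      # interaction first (flawed ordering)
        burned = min(shares, self.balances.get(caller, 0))  # cap to current balance
        self._burn(caller, burned)
        return burned


def run(hardened, shares=295 * 10**18, kept=1000):
    """Return (shares burned, shares still outstanding) for one withdraw
    during which the receiver callback moves shares to another holder."""
    vault = Vault(hardened)
    vault.mint("caller", shares)

    def callback():
        try:
            vault.transfer("caller", "other", shares - kept)
        except ValueError:
            pass  # hardened path: the shares were already burned

    burned = vault.withdraw("caller", shares, callback)
    return burned, vault.total_supply
```

The invariant worth asserting in a contract test suite is the one the model exposes: after a full-value withdraw, the shares burned must equal the shares requested.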

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io
