
Analysis of the Truebit Protocol Contract Vulnerability Leading to a $26.44 Million Theft

ExVul Security
Guest columnist
@exvulsec
2026-01-13 10:26

On January 8, 2026, the Truebit Protocol was hacked, resulting in a loss of 8,535.36 ETH (approximately $26.44 million). The Truebit Protocol team confirmed the incident in a post the following morning. The ExVul security team conducted a detailed analysis of the vulnerability behind this attack; the findings follow.

Attack Process

Attacker Address:

0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50

Attack Transaction Hash:

0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014

The attacker completed the attack by repeating the call sequence getPurchasePrice → 0xa0296215 → 0xc471b10b for 4 rounds. The first round is analyzed below as an example.

1. The attacker first called the getPurchasePrice(240442509453545333947284131) function, which returned 0.

2. The attacker called the 0xa0296215(c6e3ae8e2cbab1298abaa3) function with msg.value set to 0. As a result, 240,442,509,453,545,333,947,284,131 TRU tokens were successfully minted.

3. The attacker called the 0xc471b10b(c6e3ae8e2cbab1298abaa3) function. As a result, 240,442,509,453,545,333,947,284,131 TRU tokens were burned, and 5,105.06 ETH were obtained.

Attack Logic Analysis

The attack process above points to a logic problem involving the getPurchasePrice function and the 0xa0296215 function. The following is an in-depth analysis (since the contract is not open-source, the code below is decompiled).

What the two functions have in common is the 0x1446 function, which calculates how much ETH is needed to purchase a specified amount of TRU. Clearly, there is a logical flaw in the 0x1446 function that leads to an incorrect ETH calculation. The logic within the 0x1446 function is analyzed in detail below.

Since the final result of the 0x1446 function is v13 == 0, the calculation inside it must be at fault. Note that the 0x18ef function is identical to _SafeMul, so the multiplications are overflow-checked and the problem lies in the native addition v12 + v9 (the contract version is ^0.6.10, which lacks overflow checks).

v12 and v9 represent:

Based on the above analysis, the attacker's strategy was to input a massive _amountIn, causing v12 + v9 to overflow into a very small value, ultimately resulting in (v12 + v9) / v6 == 0.
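The failure mode described above, modeled in Python as an added example (not the contract's code and not from the ExVul analysis). The operand pairs m and n, the divisor d, the sample values and the zero-price invariant in guarded_price are assumptions of this example; only the shape (v12 + v9) / v6 and the checked multiply come from the page.

```python
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Stands in for an EVM revert."""

def safe_mul(x, y):
    # Checked multiply, as the page says 0x18ef (_SafeMul) does.
    z = x * y
    if z > UINT256_MAX:
        raise Revert("mul overflow")
    return z

def unchecked_add(x, y):
    # Native `+` in Solidity ^0.6.10: wraps modulo 2**256 without reverting.
    return (x + y) & UINT256_MAX

def checked_add(x, y):
    # SafeMath-style add; `+` behaves this way by default from Solidity 0.8.0.
    z = x + y
    if z > UINT256_MAX:
        raise Revert("add overflow")
    return z

def price(m, n, d, add):
    # Shape of the decompiled expression (v12 + v9) / v6. The operand pairs
    # m, n and divisor d are hypothetical; the page does not show their origin.
    return add(safe_mul(*m), safe_mul(*n)) // d

def guarded_price(amount, m, n, d):
    # Hardened variant: checked add, plus an added invariant (an assumption of
    # this example) that a non-zero purchase can never be priced at 0.
    p = price(m, n, d, checked_add)
    if amount > 0 and p == 0:
        raise Revert("zero price for non-zero amount")
    return p

def reverts(fn, *args):
    # Helper: True if the call reverts, False if it returns normally.
    try:
        fn(*args)
    except Revert:
        return True
    return False

# Constructed sample values, not taken from the incident.
M, N, D = (2**128, 2**127), (2**255 + 12, 1), 10**18

if __name__ == "__main__":
    print("unchecked price:", price(M, N, D, unchecked_add))
    print("checked add reverts:", reverts(price, M, N, D, checked_add))
```

Both products pass the checked multiply on their own; only their sum exceeds 2**256 - 1, which is why a contract that guards multiplication but not addition still returns a price of 0.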

Summary

The root cause of the Truebit Protocol attack lies in a severe integer overflow vulnerability within its token purchase price calculation logic. Because the contract uses Solidity version ^0.6.10 and lacks safety checks for critical arithmetic operations, the flaw ultimately led to a significant loss of 8,535.36 ETH. Newer versions of Solidity have already mitigated overflow vulnerabilities. This attack was likely discovered by hackers using AI to automatically scan for vulnerabilities in older, already-launched DeFi protocols (including recent attacks on Balancer and yETH). We believe such AI-driven attacks targeting older DeFi protocols will become increasingly frequent in the near future. Therefore, it is recommended that project teams conduct new security audits of their contract code. If vulnerabilities are found, contracts should be upgraded or assets transferred as soon as possible. Additionally, on-chain monitoring should be implemented to promptly detect anomalies and minimize losses.
