Lumi Finance suffered an attack yesterday, losing approximately $270,000
2026-07-14 08:34
Odaily Planet Daily News: According to monitoring by GoPlus, Lumi Finance on Arbitrum was attacked on July 13, losing approximately $270,000. The vulnerability originated from a logic flaw in the `validateUserOp` function of the Sodium smart account contract (ERC-4337) when calling `_validateSignature` to verify signatures. During the execution of `isValidSignatureNow`, the `signer` parameter was passed as the attacker's address. After `ECDSA.tryRecover` failed, the process did not revert but instead called the `isValidSignature` function in the attacker's contract, passing the verification.
