Zodiac发布安全事件复盘：ERC-1271验证缺陷曾导致攻击者绕过模块认证

Odaily Planet Daily News: The Zodiac team has released an analysis report on a security incident affecting the Zodiac Roles Modifier, disclosing that the root cause of the vulnerability lies in a flaw in the ERC-1271 transaction signature verification logic: the system only determines the validity of a signature based on the returned "magic value" without verifying whether the call itself was successful. This could allow a failed verification to be disguised as a valid signature, bypassing the module's authentication mechanism.

Zodiac clarified that this vulnerability can only be exploited under specific configurations, and EOA role members and other deployments not using the relevant module are unaffected. Affected users have been notified, and self-service detection and remediation tools have been launched. In collaboration with white-hat teams, asset recovery efforts have been carried out, with over 99% of potentially at-risk funds secured. The relevant contracts have been repaired and passed an independent audit, with services returning to normal.