Blockchain güvenlik firm PeckShield published the details of a new işlem ücreti refund exploit on the TransactionRequestCore smart contract belonging to the Ethereum Alarm Clock Project.
At press time, almost 24 hackers had looked to rob transaction owners by calling the transaction cancel function.
Smart contract refunds drained
The transaction fee then sent to the caller was very high compared to what the original transaction owners would have received if they requested the refund.
As can be seen above, the purpose of the cancel function is to compute the owner’s gas cost and add a constant of 85,000 to that amount to refund them.
Consequently, the hacker does not need to use more than 70,355 in gas to receive a refund greater than the original transaction fee. After that, they can pocket the difference.
Accordingly, one Twitter user, pyggie9, tweeted:
Göre PeckShield, 51% of the bloated refund is paid out as profit to miners, increasing their Miner Extractable Value (MEV). So far, one of the beneficiaries has been an Ethereum validator using the liquid staking pool Lido Finance. Etherscan data reveals that the validator has reportedly Alınan $158,000 (121 ETH) from contract 0xbb1d6b3be1396a4b5ccb8d061b302250bb2b73fd at block 15,782,459.
According to security company Supremacy Inc., hackers have stolen 204 ETH so far.
Miner extractable value refers to miners arranging transactions in blocks to maximize their profits. An accepted way to improve MEV returns is through a proposer/block-builder separation. A proposer in the Ethereum Virtual Machine can earn a tidy sum for sending blockspace to a cohort of reliable block builders.
Alarm clock operation
The Ethereum Çalar Saat project contains Ethereum transactions scheduled to occur at a future date. Transactions can be scheduled by people or smart contacts. Additionally, the EAC will enable TimeNodes to call transactions during a certain time frame.
The TransactionRequestCore smart contract involved in this latest exploit is four years old.
Yeni bir göre rapor by research company Token Terminal, akıllı sözleşme istismarları are not easy to fix.
This hack is still active, and updates will be added soon.
Be[In]Crypto'nun en son haberleri için Bitcoin (BTC) analizi, buraya Tıkla
Feragatname
Web sitemizde yer alan tüm bilgiler iyi niyetle ve yalnızca genel bilgi amaçlı yayınlanmaktadır. Okuyucunun web sitemizde bulunan bilgilere göre yapacağı herhangi bir eylem kesinlikle kendi sorumluluğundadır.
Source: https://beincrypto.com/alarm-clock-smart-contract-exploited-on-ethereum-developing-story/