6 days ago
The Analysis of FEGtoken Security Incident: Devil’s in the Details
By BlockSec. On May 15th, 2022 at approximately 8:20 PM (UTC), our monitoring system detected that the FEGexPRO contract of the FEGtoken project was hacked. The attacker launched a series of attacks on both ETH and BSC mainnet and the total value involved accumulated to about $1.3m …
Defi, 6 min read

May 16
Revisiting the CashioApp Security Incident
Starting at March-23–2022 16:20:08 UTC+8, CashioApp was exploited to drain the collateral token account, at a loss of about 52 million. The hack was made possible by an insufficient check of input accounts, which allowed the attacker to mint 20 billion $CASH tokens without any deposit. …
Solana Network, 5 min read

May 6
How to exploit the same vulnerability of MetaPool in two different ways (Nerve Bridge / Saddle Finance) — What you see is not what you get
By BlockSec. On April 30th 2022, an attacker exploited the same vulnerability as in the Nerve Bridge incident to attack Saddle Finance. In total, 4,900 Ether were under attack. Fortunately, 1,360 Ether of them were successfully saved by us. …
Blockchain Security, 9 min read

Apr 29
Secure the Solana Ecosystem (7) — Type Confusion
0. Review: Secure the Solana Ecosystem (1) — Hello Solana; Secure the Solana Ecosystem (2) — Calling Between Programs; Secure the Solana Ecosystem (3) — Program Upgrade; Secure the Solana Ecosystem (4) — Account Validation; Secure the Solana Ecosystem (5) — Multi-Sig; Secure the Solana Ecosystem (6) — Multi-Sig2. 1. Overview: In the previous…
Solana Network, 4 min read

Apr 24
Secure the Solana Ecosystem (6) — Multi-Sig2
0. Review: Secure the Solana Ecosystem (1) — Hello Solana; Secure the Solana Ecosystem (2) — Calling Between Programs; Secure the Solana Ecosystem (3) — Program Upgrade; Secure the Solana Ecosystem (4) — Account Validation; Secure the Solana Ecosystem (5) — Multi-Sig. 1. Overview: In the previous post, we discussed the implementation of the…
Solana Network, 5 min read

Apr 23
How Akutar NFT loses 34M USD
We find that there are two serious logic vulnerabilities in the @AkuDreams contracts (https://etherscan.io/address/0xf42c318dbfbaab0eee040279c6a2588fa01a961d). The first vulnerability can cause a DoS attack, and the second vulnerability causes the project funds (more than 34M USD) to be locked forever. Vulnerability I
Nft, 2 min read

Apr 21
How to verify a signature in a wrong way — the AssociationNFT case
The Association NFT is an NBA-launched NFT. However, we find that the NFT sale contract has a serious vulnerability which allows an attacker to mint a large number of NFTs without paying any tokens. The root cause of the vulnerability is the incorrect use of signature verification. Basically, the contract fails…
Nft, 2 min read

Apr 10
Secure the Solana Ecosystem (5) — Multi-Sig
0. Review: Secure the Solana Ecosystem (1) — Hello Solana; Secure the Solana Ecosystem (2) — Calling Between Programs; Secure the Solana Ecosystem (3) — Program Upgrade; Secure the Solana Ecosystem (4) — Account Validation. 1. Overview: In the previous blog, we discussed account validation, which is important to access control, in Solana…
Solana Network, 5 min read

Apr 6
Secure the Solana Ecosystem (4) — Account Validation
0. Review: Secure the Solana Ecosystem (1) — Hello Solana; Secure the Solana Ecosystem (2) — Calling Between Programs; Secure the Solana Ecosystem (3) — Program Upgrade. 1. Overview: In the previous blog, we discussed how to upgrade a program. In this post, we will introduce the access control related problems, which is one…
Solana Network, 5 min read

Apr 4
The Race Against Time and Strategy: About the AnySwap Rescue and Things We Have Learnt
By BlockSec Team. On Jan 18th, our monitoring system detected an attack against the AnySwap project (aka Multichain). The vulnerability is due to the flawed anySwapOutUnderlyingWithPermit() function, whose verification mechanism can be bypassed to withdraw the approved tokens. Although the project has adopted different approaches (e.g., sending transactions to the…
Anyswap, 11 min read