ID:
thorchain-283
100 pts
Platform:
Type:
Category:
Method:
Data Sources:
Thorchain
Protocol
Dexes
Contract Vulnerabilities
Extended Method:
Contract vulnerabilities
Days in Operation:
1566
(4.29 Years)





100 pts each
THORChain (RUNE), a decentralized cross-chain transaction protocol, said it was attacked again, and many ERC20 tokens including XRUNE were affected. Thorchain told CoinDesk a whitehat hacker deployed a custom contract that was able to trick its Bifrost Protocol into receiving a deposit of fake assets. Not long ago, THORChain updated Eth Bifrost to allow the routing contract to be "encapsulated" by the contract. The attacker uses this to send a transaction with msg.value = 200 ETH and immediately uses the contract to transfer it back to itself, while Bifrost will report msg. value = 200 instead of depositAmount = 0, so as to realize the profit of calling the routing contract with the amount of 0 ETH. The attack was very restrained eluding that the attacker may be a whitehat hacker.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
​
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.