MEV Contract Used in AnyswapV4Router Attack
It is reported that, according to the monitoring of the Beosin EagleEye security risk monitoring, warning and blocking platform of Beosin, a blockchain securit…
It is reported that, according to the monitoring of the Beosin EagleEye security risk monitoring, warning and blocking platform of Beosin, a blockchain security audit company, on February 15, 2023, an attacker used the MEV contract (0xd050) to preemptively call the anySwapOutUnderlyingWithPermit function of the AnyswapV4Router contract before the normal transaction execution (the user authorized the WETH but has not yet transferred the account) for signature authorization transfer, Although the function uses the permit signature verification of the token, the stolen WETH has no relevant signature verification function, and only triggers the deposit function in the fallback. In subsequent function calls, attackers can directly use the safeTransferFrom function to_ The underlying address is authorized to the WETH of the attacked contract and transferred to the attack contract. The attacker made a profit of about 87 Ethereum, about $130000. Beosin Trace tracked and found that about 70 Ethereum stolen funds had entered the address 0x690b, and about 17 Ethereum remained in the MEVBOT contract.
Security team: Multichain’s Anyswap V4 Router contract suffered a preemptive attack, and the attacker made about $130000
Interpretation of the news:
According to recent reports, an attack was carried out on the AnyswapV4Router contract using the MEV contract on February 15, 2023. Beosin EagleEye, a blockchain security audit company, monitored and alerted users of the attack through its risk monitoring, warning, and blocking platform. The attacker pre-emptively called the anySwapOutUnderlyingWithPermit function of the contract, before the normal transaction execution, and stole WETH from the contract, making a profit of 87 Ethereum, equivalent to $130,000.
The AnyswapV4Router contract uses the permit signature verification of the token for its functions, but the stolen WETH has no relevant signature verification function. Therefore, the attacker used the deposit function in the fallback and directly transferred the WETH to their attack contract. About 70 Ethereum stolen funds entered the address 0x690b, while about 17 Ethereum remained in the MEVBOT contract. This attack demonstrates the issues and vulnerabilities that can arise when using smart contracts with complex functions and interdependencies with other contracts.
This news serves as a reminder of the importance of security risk monitoring and early detection mechanisms in the blockchain ecosystem. While blockchain technology provides innovation and opportunities, it also presents new challenges and risks that must be monitored and addressed. As such, security companies like Beosin EagleEye play a crucial role in ensuring that users are aware of potential threats and can take appropriate measures to protect their assets.
Overall, the AnyswapV4Router attack highlights the need for continued diligence and improvement in smart contract security practices. As the use of smart contracts continues to grow, it is important to remain vigilant to new forms of attacks and vulnerabilities. Regular security audits and monitoring can help prevent and mitigate future breaches, ensuring the stability and security of the blockchain ecosystem.
This article and pictures are from the Internet and do not represent Fpips's position. If you infringe, please contact us to delete:https://www.fpips.com/561/
It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.
Recommended articles
-
What does 24-hour currency trading mean (can currency be purchased 24 hours a day)
What does 24-hour mean in currency trading? What does 24 hours mean in the field of digital currency First of all, let’s take a look at what 24-hour means, which means trading time is all day. That is to say, when you hand over the money to the exchange, it will be together for 24 hours. Because your funds are stored on the exchange, 24 hours is not a working day. For a small asset, it takes 24 hours of continuous operation until someone transfers it to you Next, let’s take a look at the specific market data: Bitcoin prices are currently above $10700, with some room for decline from the nearest support level of $9850; The price of Ethereum is currently around $3.78, close to the low of $6.89 on April 14; XRP is also about to fall below the 0.012 yuan mark Can coins be purchased 24 hours a dayEditor’s note: This article is from the vernacular blockchain…
-
What wallet should I use for XRP (What type of currency is XRP)?
What wallet should I use for XRP?XRP is a decentralized digital currency wallet.
-
New AI Tool from Oncyber Allows for Customization of Virtual Environment
According to reports, Oncyber, the Web3 meta universe platform, has revealed that it has developed an artificial intelligence tool called Magic Composer that allows users to customize their environment through text commands. By putting a line of text into Magic Composer, Oncyber can automatically change the appearance and color of the sky, place artists’ NFT works from a connected encrypted wallet, customize the appearance and size of photo frames in the world, and more. Oncyber plans to launch AI tools to a selected group of testers starting on Monday, March 20th. The Oncyber launch AI tool allows users to customize NFT Analysis based on this information:Oncyber has announced the development of a new artificial intelligence (AI) tool called Magic Composer, which will allow users to customize their virtual environment through text commands. This feature is facilitated through the Web3 meta universe platform, which will enable users to make changes in real-time. According to the reports, Magic Composer will allow users…
-
Blur.io Leads NFT Trading with Increase in Trading Volume and ETH Burn
It is reported that according to the data of Ultrasound.money, the NFT market aggregator Blur has destroyed more than 266 ETHs in the past 24 hours. In additio…
-
ZkSync Era expects to release Token in a year
It is reported that the initial release of ZkSync Era will not have tokens, as the network is still largely centralized. Due to the alpha phase, Matter Labs can upgrade the network
-
Pi Ventures Raises 220 Million Rupees in Financing with Colruyt Group Participating
According to reports, pi Ventures, an early stage venture capital fund in India, announced the completion of a 220 million rupee financing, with Belgium\’s COLRUYT GROUP participati
-
What is the meaning of kyc aml (Difference between kyc and aml)
What is the meaning of kyc aml? Kyc aml refers to shrinking the name of a crypto
-
#How Paranoia May Be Driving Florida Governor Ron DeSantis’ Opposition to Central Bank Digital Currency
According to reports, economist Paul Krugman questioned in a recent review article why Florida Governor Ron DeSantis opposes the Central Bank Digital Currency (CBDC). Krugman belie
-
ETH Price Dropped by 5% Due to the Collapse of Silvergate and the Cryptocurrency Market
It is reported that the price of ETH has dropped by 5% with the collapse of Silvergate and the collapse of the encryption market, as monitored by Lookonchain. …
-
OKX Web3 Wallet and Magic Eden: A New NFT Trading Partnership
On April 26th, according to official sources, OKX Web3 Wallet has reached an official partnership with Magic Eden, an NFT trading platform. Users can trade NFTs on Magic Eden by co
-
Table of Contents
It is reported that in its announcement on April 3, the Securities and Exchange Commission of the United States said that it would contact groups including high school students, mi
-
The Latest News and Updates on Tiktok, Interest Rates, Bitcoin Mining, and Gemini
21:00-7:00 Keywords: Tiktok App, interest rate increase in May, Bitcoin mining right, Gemini
Overnight updates on April 11th at a glance
Are you keeping up with the latest news and -
EU Banking Regulators Must Monitor Interest Rate Shocks to Prevent Panic
According to reports, Markus Ferber, an influential European Parliament member, said that regulators should try to prevent panic from spreading after the collapse of Silicon Valley Bank (SVB). He said that EU banking regulators should check whether European banks are vulnerable to interest rate shocks, just like the interest rate shocks that bankrupted the California bank last Friday. Members of the European Union: Regulators should try to prevent the spread of panic after the collapse of banks in Silicon Valley Analysis based on this information:In the wake of the collapse of the Silicon Valley Bank (SVB), Markus Ferber, an influential European Parliament member, has called for EU banking regulators to monitor the risks of interest rate shocks in European banks. Ferber expressed his concerns about the vulnerability and exposure of European banks to the type of interest rate shocks that led to the bankruptcy of SVB last Friday. He also emphasized the need for regulators to prevent panic from spreading…
-
Anchorage Digital Lays off 75 Employees, but Anchorage Digital Bank Remains Unaffected
On March 15th, Anchorage Digital announced today that it would lay off 75 employees. However, a spokesperson for the company said that its digital asset banking subsidiary, Anchorage Digital Bank, which is regulated by the United States Office of the Comptroller of the Currency, would not be affected by the layoffs, and that customer assets would not be at risk due to the recent failures of the crypto friendly banks Silvergate Bank and Silicon Valley Bank. Anchorage Digital: Banking subsidiaries will not be affected by layoffs Analysis based on this information:Anchorage Digital, a leading cryptocurrency custody and trading platform for institutional investors, has announced that it will let go of 75 employees. However, the company has ensured that its digital asset banking subsidiary, Anchorage Digital Bank, which is regulated by the United States Office of the Comptroller of the Currency (OCC), will not be impacted by the layoffs. Moreover, the spokesperson stated that Anchorage Digital Bank will continue to provide…
-
Alpha Homera’s Open Letter: Solving the Bad Debt Problem with Iron Bank
On March 9, it was reported that Alpha Homera had issued the fourth open letter to the community to solve the bad debt problem of its cross-agreement with Iron…
-
Telegram wallet robot launches a web interface that supports purchasing, extracting, and trading Bitcoin
On April 23rd, according to a notice released by Telegram Wallet robot @ wallet on April 21st, the robot has launched a feature update that allows @ wallet users to directly purcha