Welcome back to our weekly session on smart contract exploits. This week we will be talking about the Selfdestruct function in Solidity.
Let’s first understand how transfers operate in Solidity programming
2021 was a year of ups and downs for the blockchain industry. Blockchain technology continued to grow thanks to its decentralized, open, and transparent characteristics. The surge of users in DeFi, NFTs, and Metaverse has propelled the blockchain industry to new heights. As more projects are built on the blockchain…
Last week we wrote an introduction about Reentrancy vulnerabilities, this week we will discuss another common vulnerability called Overflow.
There are two types of Flow, Overflow, and Underflow. The so-called overflow refers to the fact that when a single numerical calculation is run, the result of the calculation is greater…
Given the increase in smart contract exploits, we decided to produce a series of articles to educate new smart contract developers about these vulnerabilities and how they work. This week, we’ll look at a well-known example: A Reentrancy Attack.
It can be considered that all external calls in the contract…
On December 19, 2021, Our team at SlowMist was notified of a Reentrancy attack on the Grim Finance project within the Fantom Blockchain. At the time of writing this, over $30M in funds were transferred to this address. …
On December 3rd, 2021, the SlowMist identified a sophisticated phishing attack on the Gnosis Safe Mutisig in the Habitat team fund. This is our brief analysis of the situation so far.
Hacker’s first address: Habitat Multsig Drainer Fund Supplier 0x62a51ad133ca4a0f1591db5ae8c04851a9a4bf65
Hacker’s second address : Habitat Multsig Drainer 0x26a76f4fe7a21160274d060acb209f515f35429c
Fake Gnosis…
On November 30, 2021, our team at SlowMist was notified of an attack on the Defi protocol MonoX. Over $18 million in WETH and $10.5 million in Matic tokens were drained by the attacker. Several other tokens, including Wrapped Bitcoin, Chainlink, Unit Protocol, Aavegotchi, and Immutable X, were also lost…
Context: Bob ( fake name, real person) received a text claiming to be from his exchange. The message states that due to the recent ban on crypto in China, all users must withdraw their funds to a defi wallet. The text also included a link to the wallet where Bob…
Our team at SlowMist discovered that HT tokens were routinely withdrawn without swapping within the XSquid and HT token pools on Mdex. After investigation, it is concluded that this incident was caused by the XSquids project token contract issue and has nothing to do with the security of the MDEX…
On October 27, 2021, Cream Finance suffered another attack loss of approximately US$130 million. The SlowMist security team immediately intervened in the analysis and shared its brief analysis as follows.
The contract of this attack is to use the flaws in the Cream lending pool to obtain the price of…
