1/ 🚨 BREAKING: @SuperRare Suffers $730K Exploit on Ethereum
The attacker leveraged a permission verification vulnerability to successfully transfer assets, resulting in a loss of approximately $730K USD.
🛡️ Recommended Actions:
➡️ For Projects
- Implement context-aware permission checks
- Rigorous unit testing of ACL logic
- Audit critical state-changing functions
➡️For Users:
- Monitor @SuperRare for updates
- Limit contract interactions until fix confirmed
2/ 🧯 Vulnerability Analysis
Flawed permission check in updateMerkleRoot function:
→ Allowed any address except owner/0xc2F394 to modify currentClaimRoot.
3/ ⚡ Attacker did:
- Updated MerkleRoot
- Called claim method
- Bypassed validation with malicious root
- Drained tokens to receiving address
4/ ⚔️Attacker Address: 0x5b9b4b4dafbcfceea7afba56958fcbb37d82d4a2
đź“ťAttack Contract: 0x2073111e6ebb6826f7e9c6192c6304aa5af5e340
đźš©Exploited Contract: 0x3f4d749675b3e48bccd932033808a7079328eb48
đź“‚Attack Tx:
📦Asset Receiving Address: 0x08947cedf35f9669012bda6fda9d03c399b017ab
5.82K
17
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.