Drips Network was attacked, resulting in a loss of approximately 24900 DAIs

--

According to SlowMist Monitoring, the decentralized tipping protocol Drips Network was attacked, resulting in a loss of approximately 24900 DAIs. Slow fog analysis shows that the root cause of the attack lies in the integer type conversion defect of the give (address, uint128) function in the DaiDripsHub contract. This function converts the amount of uint128 type to int128 type without verifying whether the input parameter exceeds the maximum value of int128. The attacker passes in a specific value outside the int128 range, causing the converted amount to become negative, resulting in the transfer direction being reversed. The reserve contract executes abnormal withdrawals to the attacker's account, ultimately leading to the depletion of reserve funds.

Loading...