Hyperbridge contrat rencontre une vulnérabilité de relecture de preuve MMR, perte d'environ 242 000 dollars

Deep Tide TechFlow News, April 13, according to BlockSec Phalcon disclosure, the HandlerV1 contract managed by Hyperbridge experienced a Merkle Mountain Range (MMR) proof replay vulnerability on the Ethereum network, resulting in a loss of approximately $242,000. The vulnerability stemmed from proofs and requests not being bound, allowing attackers to replay historical valid proofs and combine them with newly forged requests to perform operations such as changing administrator permissions. In a specific case, the attacker changed the Polkadot (DOT) Token administrator, then used the permission to mint additional DOT and profited. Observed related attack transactions include changing the DOT Token administrator and minting (loss of about $237,400), changing the ARGN Token administrator and minting (loss of about $3,800), and host withdrawals. The vulnerability was discovered by PhalconSecurity and analyzed through PhalconExplorer.

Previously, news reported that the Hyperbridge gateway contract was attacked, with 1 billion DOT tokens minted on Ethereum and sold off.