GPU Hack Analysis
Overview:
On May 8, 2024, GPU suffered an attack due to a self-transfer issue, leading to a total loss of over 32K USD.
Smart Contract Hack Overview:
- Attacker address: 0xcc7806
- Attack contract: 0x523400
- Vulnerable Contract: 0xf51CBf
- Attack Transaction: 0x2c0ada

Decoding the Smart Contract Vulnerability:
- The root cause of the exploit was the balance update logic, which did not properly account for transfers where the sender and recipient were the same address. This allowed the attacker to manipulate their own token balance by performing self-transfers.
- During these self-transfers, the contract overwrote the sender’s balance (_balances[sender]) with what should have been the recipient’s balance (_balances[recipient]). Since the sender and recipient were the same, this resulted in artificially inflated balances without any real token inflow.
- By continuously initiating self-transfers, the attacker was able to repeatedly overwrite and increase their balance, leading to unauthorized token acquisition and a total loss of 32K USD.
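
The bug class described above, as an added example that is not the GPU token's source and not part of the original post. It assumes the vulnerable transfer cached both balances before writing them back; `SelfTransferDemo`, `transferVulnerable` and `transferFixed` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of the bug class; not the GPU token's source.
contract SelfTransferDemo {
    mapping(address => uint256) private _balances;
    uint256 public immutable totalSupply;

    constructor(uint256 supply) {
        _balances[msg.sender] = supply;
        totalSupply = supply;
    }

    function balanceOf(address account) external view returns (uint256) {
        return _balances[account];
    }

    // VULNERABLE (assumed pattern): both balances are read into memory
    // before either is written back. When sender == recipient, the second
    // write replaces the debited value with (old balance + amount), so the
    // balance grows while totalSupply stays the same.
    function transferVulnerable(address recipient, uint256 amount) external {
        address sender = msg.sender;
        uint256 senderBalance = _balances[sender];
        uint256 recipientBalance = _balances[recipient];
        require(senderBalance >= amount, "insufficient balance");
        _balances[sender] = senderBalance - amount;
        _balances[recipient] = recipientBalance + amount; // stale read
    }

    // HARDENED: the debit is written to storage first and the credit reads
    // storage again, so a self-transfer nets to zero and the sum of all
    // balances stays equal to totalSupply.
    function transferFixed(address recipient, uint256 amount) external {
        address sender = msg.sender;
        require(recipient != address(0), "zero recipient");
        uint256 senderBalance = _balances[sender];
        require(senderBalance >= amount, "insufficient balance");
        unchecked {
            _balances[sender] = senderBalance - amount; // checked above
        }
        _balances[recipient] += amount;
    }
}
```

A unit test that transfers from an address to itself and asserts that `balanceOf` is unchanged fails on `transferVulnerable` and passes on `transferFixed`.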

Mitigation and Best Practices:
- Always validate your code by writing comprehensive test cases that cover all the possible business logic.
- To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
- Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detections at SolidityScan

Conclusion:
SolidityScan is an advanced smart contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Sign up for a free trial at https://solidityscan.com/signup