Scan to download
Home
Article
Flash
Specials
Columns
ETF
Knowledge Base
Calendar
Activity
Tools
RootData
DeInsight 2024🔥
Devcon 2024

Slow Mist: The root cause of the pGALA incident is the plaintext private key leaked on GitHub

2022-11-07 18:57:19
Collection

ChainCatcher news, according to SlowMist intelligence, on November 4th, an address on the BNB Chain minted over $1 billion worth of pGALA tokens out of thin air and sold them for profit through PancakeSwap, causing GALA to briefly drop over 20%. The analysis results from SlowMist are as follows:

  1. The pGALA contract uses a Transparent Proxy model, which has three privileged roles: Admin, DEFAULTADMINROLE, and MINTER_ROLE.

  2. The Admin role is used to manage the upgrade of the proxy contract and change the Admin address of the proxy contract, the DEFAULTADMINROLE is used to manage various privileged roles in the logic (e.g., MINTERROLE), and the MINTERROLE manages the minting permissions of pGALA tokens.

  3. In this incident, the Admin role of the pGALA proxy contract was designated as the proxyAdmin contract address at the time of contract deployment, while the DEFAULTADMINROLE and MINTER_ROLE were initialized to be controlled by pNetwork. The proxyAdmin contract also has an owner role, which is an EOA address, and the owner can upgrade the pGALA contract through proxyAdmin.

  4. However, the SlowMist security team discovered that the private key of the owner address of the proxyAdmin contract was leaked in plain text on GitHub, allowing any user who obtains this private key to control the proxyAdmin contract and upgrade the pGALA contract at any time.

  5. The owner address of the proxyAdmin contract was replaced 70 days ago (on August 28, 2022), and another project managed by it, pLOTTO, is suspected to have been attacked.

  6. Due to the architectural design of the Transparent Proxy, the change of the Admin role of the pGALA proxy contract can only be initiated by the proxyAdmin contract. Therefore, after the loss of owner privileges of the proxyAdmin contract, the pGALA contract has been at risk of being attacked at any time.

In summary, the root cause of the pGALA incident lies in the leakage of the owner private key of the Admin role of the pGALA proxy contract on GitHub, and its owner address was maliciously replaced 70 days ago, resulting in the pGALA contract being at risk of being attacked at any time. (source link)

Related tags
pGALA private key leak
ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.
banner
Related reading
A new type of cryptocurrency theft method has emerged abroad: shared power banks implanted with malicious programs to steal private keys
2023-05-18 15:42
Raydium: The attack or loss due to private key leakage resulted in a total loss of approximately $4.395 million
2022-12-17 10:12
Huobi releases a notice regarding the re-minting of PGALA Token on the TRON network
2022-11-08 01:00
Huobi Global releases a statement regarding the truth of the GALA incident and will hold pNetwork fully accountable for compensation
2022-11-06 20:02
Related tags
pGALA private key leak
Copyright © 2023
About Us
BitouchNews
Apply for a column
Disclaimer
RSS LINK
Recruitment
Qiong ICP No. 2021009392
Qiong ICP No. 2021009392
ChainCatcher Building the Web3 world with innovators
Open the app