Beosin: Analysis of the Rubic Attack Incident
ChainCatcher news: according to monitoring by Beosin EagleEye, under the blockchain security audit company Beosin, the Rubic project has been attacked. The Beosin security team's analysis is that the routerCallNative function of the RubicProxy contract lacks parameter validation, so the caller can put arbitrary values in _params. By using a specific integrator, an attacker can make the RubicProxy contract execute the call data the attacker provides at almost zero cost.
By calling the routerCallNative function, the attacker used transferFrom to move all USDC that had been authorized to the RubicProxy contract to the address 0x001B, stealing nearly 1100 Ethereum. Beosin Trace shows that all of the stolen funds have been transferred to Tornado Cash.
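A sketch of the validation the analysis says was missing, as an added example that is not Rubic's code or part of the original report: a simplified routerCallNative that forwards only to allowlisted routers and never to a token contract. The contract name, the two mappings, the custom errors and the flattened (router, data) signature are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical sketch, not RubicProxy's code: every name below is an assumption.
contract GuardedRouterProxy {
    address public immutable owner;
    mapping(address => bool) public allowedRouter; // vetted swap routers only
    mapping(address => bool) public isToken;       // tokens users approve to this proxy

    error RouterNotAllowed(address router);
    error TokenAsRouter(address router);
    error RouterCallFailed();

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function setRouter(address router, bool ok) external onlyOwner {
        // A token must never be allowlisted as a router: any call the proxy makes
        // to it runs with the proxy as msg.sender, i.e. as the approved spender.
        if (ok && isToken[router]) revert TokenAsRouter(router);
        allowedRouter[router] = ok;
    }

    function setToken(address token, bool tracked) external onlyOwner {
        if (tracked) allowedRouter[token] = false; // keep the two sets disjoint
        isToken[token] = tracked;
    }

    // Forwards a native-asset swap to the router named by the caller.
    // If neither check were present, `router` could be a token contract and `data`
    // an encoded transferFrom that the token accepts because the proxy holds
    // the users' allowances.
    function routerCallNative(address router, bytes calldata data)
        external
        payable
        returns (bytes memory result)
    {
        if (!allowedRouter[router]) revert RouterNotAllowed(router);
        if (isToken[router]) revert TokenAsRouter(router);

        bool success;
        (success, result) = router.call{value: msg.value}(data);
        if (!success) revert RouterCallFailed();
    }
}
```

Users who approved tokens to a proxy with this kind of flaw can reduce exposure by revoking the allowance, since the checks above only protect approvals once the fixed contract is the spender.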