Slow Fog: OKX DEX Proxy Admin Owner Private Key Leak

2023-12-13 12:00:42

Collection

ChainCatcher news, according to SlowMist, there seems to be an issue with the OKX DEX contract. After analysis, SlowMist found that: when users perform exchanges, they authorize the TokenApprove contract, and the DEX contract transfers user tokens by calling the TokenApprove contract. The DEX contract has a claimTokens function that allows a trusted DEX Proxy to be called, which functions to call the claimTokens function of the TokenApprove contract to transfer the tokens authorized by the user. The trusted DEX Proxy is managed by the Proxy Admin, and the Proxy Admin Owner can upgrade the DEX Proxy contract through the Proxy Admin.

On December 12, 2023, at 22:23:47, the Proxy Admin Owner upgraded the DEX Proxy contract to a new implementation contract via the Proxy Admin. The new implementation contract's function is to directly call the claimTokens function of the DEX contract to transfer tokens. Subsequently, the attacker began calling the DEX Proxy to steal tokens. On December 12, 2023, at 23:53:59, the Proxy Admin Owner upgraded the contract again, with functionality similar to the previous one, and continued to steal tokens after the upgrade. As of now, the profit is approximately 430,000 U.

This attack may be due to the leakage of the Proxy Admin Owner's private key, and the current DEX Proxy has been removed from the trusted list.

Related tags

OKX Slow Mist

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.