TwiScan Hot Communities Account collections
Login Register

Register and share your invite link to earn from video plays and referrals.

Register now
SlowMist
@SlowMist_Team
SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
Joined April 2018
406 Following    88.6K Followers
SlowMist@SlowMist_Team
2026.05.07 03:20
๐ŸšจSlowMist TI Alert๐Ÿšจ ๐Ÿ’ธ Loss: ~1,291.16 ETH + ~1,268,771 USDC + ~206,282 USDT + ~16.94 WBTC @trustedvolumes ๐Ÿ” Root Cause: In fillOrder function (selector 0x4112e1c2) of RFQ Implementation, signature validation checks _allowedSigners[msg.sender][signer] using caller (taker) instead of order's maker as key, allowing registration via registerAllowedOrderSigner for attack contract and execution of forged orders for any maker. ๐Ÿ“Œ Attacker EOA: 0xc3ebddea4f69df717a8f5c89e7cf20c1c0389100 ๐Ÿ“Œ Victim Contract: 0x9ba0cf1588e1dfa905ec948f7fe5104dd40eda31 ๐Ÿ“Œ Vulnerable Contract: 0x88eb28009351fb414a5746f5d8ca91cdc02760d8 Attacker drained assets from custodial contract with unlimited approvals via 4 forged RFQ orders.
Show more
0
7
77
18
Forward to community