SlowMist(@SlowMist_Team):🚨SlowMist TI Alert🚨 💸 Loss: 8,080.16 USDT + 11,702.08 USDC 🔍 Root Cause: `WUSD._deglove()` uses `GLOVE.creditlessOf(msg.sender)` as the unlock base without verifying the source or epoch of creditless GLOVE. In addition, WUSD’s epoch/vesting logic was driven by cumulative wrap volume, which could be flash-loan amplified and advanced 100+ epochs inside one tx. This converted creditless GLOVE into transferable GLOVE atomically. 📌 Attacker: 0x88329a09428778f62bc0c8baac0997864e5a57f8 📌 Victim: Uniswap V3 liquidity pools (GLO/USDT: 0xa2bd1a142ff49131b8cc70a332bda0125018c324, GLO/USDC: 0xb89f65d6c7d33a35da7c01934e310a6f40e18a1f) 📌 Vulnerable Contract: WUSD (0x068e3563b1c19590f822c0e13445c4fa1b9eefa5) Attacker exploited a credit accounting flaw in WUSD/GLOVE to mint and unlock transferable GLOVE, then drained USDT/USDC from Uniswap V3 pools. Powered by #SlowMist.AI

2026.05.25 11:06

🚨SlowMist TI Alert🚨 💸 Loss: 8,080.16 USDT + 11,702.08 USDC 🔍 Root Cause: `WUSD._deglove()` uses `GLOVE.creditlessOf(msg.sender)` as the unlock base without verifying the source or epoch of creditless GLOVE. In addition, WUSD’s epoch/vesting logic was driven by cumulative wrap volume, which could be flash-loan amplified and advanced 100+ epochs inside one tx. This converted creditless GLOVE into transferable GLOVE atomically. 📌 Attacker: 0x88329a09428778f62bc0c8baac0997864e5a57f8 📌 Victim: Uniswap V3 liquidity pools (GLO/USDT: 0xa2bd1a142ff49131b8cc70a332bda0125018c324, GLO/USDC: 0xb89f65d6c7d33a35da7c01934e310a6f40e18a1f) 📌 Vulnerable Contract: WUSD (0x068e3563b1c19590f822c0e13445c4fa1b9eefa5) Attacker exploited a credit accounting flaw in WUSD/GLOVE to mint and unlock transferable GLOVE, then drained USDT/USDC from Uniswap V3 pools. Powered by #SlowMist#.AI