
Cos(余弦)😶‍🌫️
@evilcos
Founder of @SlowMist_Team // Alter ego No. 1 / Bug-catching master / Firefighter // 🕖 backup channel
Joined November 2008
1.5K Following    123.7K Followers
I happened to try it out on two cases, one from today and one from last night, and took screenshots. The first is the Huma Protocol V1 attack:

Huma Protocol on Polygon was drained for ~$101.39K.
Root cause: refreshAccount(address) could move an unapproved credit line from Requested to GoodStanding.
Primitive: approval-state bypass in credit lifecycle. _updateDueInfo() sets state = GoodStanding when no periods are missed, without preserving Requested.
Profit:
- 82,315.571143 native USDC
- 19,074.730401 USDC.e
Related wallet addresses:
- Attacker EOA: 0x13b44e416e0f66359502e843af2e1191f1260daf
- Attack borrower contract: 0x44d4a434ae1529106e4b801315e22721978022a3
- Helper: 0xef8a13797b009228f6e4a25112ea114b7ba6e1b2
Tx:
- Attack: 0x7b8d641d76affcc029fd0e0f06ab81ad675b1da21ef79b82e1343016040ba359
- Setup requestCredit: 0x0adf9953c4e2506ffd4526ceee962a9bb61c573eaef60f669605cca68d0ef5aa
- State refresh: 0x7126ae1d8e8d1e0c0f1c598de16a035cf309d6cc556e73edc2847de2b5777e5e

What I found particularly satisfying is that the Agent found, on its own, a precondition tx that triggered the final exploit:
State refresh: 0x7126ae1d8e8d1e0c0f1c598de16a035cf309d6cc556e73edc2847de2b5777e5e

The other is a phishing gang that may have emerged recently, using the permit offline-signature phishing technique. That analysis is actually very simple; if the Agent failed to recognise even a single-step exploitation like this, it would simply be a complete fail. Marking these down; they are all good practice.
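As an added illustration, not code from the post or from Huma Protocol: a minimal Solidity credit-line lifecycle that reproduces the pattern the report describes (a permissionless refresh that writes GoodStanding whenever no period is missed, without preserving Requested), next to a hardened update that refuses to move a line that has not yet been approved. The contract, enum values, struct fields and function names are assumptions modelled on the wording of the post, not the protocol's actual code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative credit-line lifecycle (added example, NOT Huma Protocol's code).
/// Every name below is an assumption modelled on the wording of the post.
contract CreditLineLifecycle {
    enum CreditState { Deleted, Requested, Approved, GoodStanding, Delinquent }

    struct CreditRecord {
        uint96 creditLimit;
        uint16 missedPeriods;
        CreditState state;
    }

    /// Emitted on every transition so off-chain monitoring can flag a
    /// Requested -> GoodStanding move that has no approval in between.
    event CreditStateChanged(address indexed borrower, CreditState from, CreditState to);

    address public immutable evaluationAgent;
    mapping(address => CreditRecord) internal _records;

    constructor(address agent) {
        evaluationAgent = agent;
    }

    /// Anyone may request a line; it must stay in Requested until approved.
    function requestCredit(uint96 limit) external {
        _records[msg.sender] = CreditRecord(limit, 0, CreditState.Requested);
        emit CreditStateChanged(msg.sender, CreditState.Deleted, CreditState.Requested);
    }

    /// Only the evaluation agent may move Requested -> Approved.
    function approveCredit(address borrower) external {
        require(msg.sender == evaluationAgent, "not approver");
        CreditRecord storage cr = _records[borrower];
        require(cr.state == CreditState.Requested, "not requested");
        _setState(borrower, cr, CreditState.Approved);
    }

    /// Permissionless bookkeeping entry point, as in the post. It calls the
    /// hardened variant; the vulnerable variant is kept below for comparison.
    function refreshAccount(address borrower) external {
        _updateDueInfoHardened(borrower, _records[borrower]);
    }

    /// Borrowing is gated only on the lifecycle state, so whatever can write
    /// GoodStanding effectively grants approval.
    function drawdown(uint96 amount) external {
        CreditRecord storage cr = _records[msg.sender];
        require(cr.state == CreditState.GoodStanding, "not in good standing");
        require(amount <= cr.creditLimit, "over limit");
        // ... transfer of funds omitted in this illustration
    }

    /// VULNERABLE pattern described in the post: no missed periods -> GoodStanding,
    /// regardless of whether the line was ever approved. A borrower who calls
    /// requestCredit() and then refreshAccount() ends up able to drawdown().
    function _updateDueInfoVulnerable(address borrower, CreditRecord storage cr) internal {
        if (cr.missedPeriods == 0) {
            _setState(borrower, cr, CreditState.GoodStanding);
        } else {
            _setState(borrower, cr, CreditState.Delinquent);
        }
    }

    /// HARDENED: due-date bookkeeping never moves a line out of a pre-approval state.
    function _updateDueInfoHardened(address borrower, CreditRecord storage cr) internal {
        if (cr.state == CreditState.Deleted || cr.state == CreditState.Requested) {
            return; // Requested is preserved; only approveCredit() may leave it
        }
        if (cr.missedPeriods == 0) {
            _setState(borrower, cr, CreditState.GoodStanding);
        } else {
            _setState(borrower, cr, CreditState.Delinquent);
        }
    }

    function _setState(address borrower, CreditRecord storage cr, CreditState next) internal {
        CreditState prev = cr.state;
        if (prev != next) {
            cr.state = next;
            emit CreditStateChanged(borrower, prev, next);
        }
    }
}
```

The design point is that the state machine, not the caller, must carry the approval invariant: any function that can write GoodStanding has to first check that the line has already left Requested. The event also gives a detection hook that matches what the post describes, since the "State refresh" transaction the Agent identified is exactly a transition to GoodStanding with no preceding approval.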