Drips Network DaiDripsHub Contract Loses 24,882.99 DAI Due to Integer Conversion Vulnerability

According to SlowMist security alert, Drips Network's DaiDripsHub contract suffered a loss of 24,882.99 DAI today (July 15) due to an integer type conversion vulnerability in the give function. The vulnerability stemmed from inadequate validation when converting uint128 to int128, allowing attackers to input values exceeding int128's maximum threshold. This caused the conversion to produce a negative value, which reversed fund flow direction from user payment to reserve withdrawal, draining DAI reserves. Attacker addresses and affected contracts have been publicly disclosed.
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments