CoinNX | Cos(余弦)😶‍🌫️

Permit 离线授权签名机制被用于绕过链上冻结，Balancer 黑客的场景是其盗窃的 token $stS 所在的 Sonic 地址被冻结了，不过这个冻结仅影响原生资产，这里是 S ，正常来说，S 作为原生资产（也就是 Gas）如果都没法动，其上的 token 也动不了，但 Permit 签名的骚地方就是 Gas 可以代付，不需要被冻结地址来付…于是拥有 Permit 机制的 $stS 被黑客绕过链上冻结，转移洗走了。 tx: https://t.co/gdrF7jWGA6 https://t.co/5BzRMM4gLF

GoPlus Security 🚦 @GoPlusSecurity ·

How the Balancer Hacker Bypassed Asset Freezing via Permit Authorization This morning, the @Balancer attacker transferred 19.5M $stS (~$3M) from the @soniclabs frozen address (0xf19f...fae2) to a new address using permit() authorization, then swapped it for WBTC/ETH. https://t.co/RUO7OJQkA5

From X

Disclaimer: The above content reflects only the author's opinion and does not represent any stance of CoinNX, nor does it constitute any investment advice related to CoinNX.