DBXen Contract Exploited, $150,000 Lost Due to ERC2771 Inconsistency

The DBXen contract was exploited this morning, resulting in an estimated loss of $150,000, according to BlockSec Phalcon monitoring. The attack exploited inconsistencies in sender identity under ERC2771 transactions. Specifically, the `burnBatch()` function's `gasWrapper()` decorator uses `_msgSender()` to update the state, while the `onTokenBurned()` callback function uses `msg.sender`. This discrepancy causes incorrect updates to `lastActiveCycle`, disrupting the logic of `claimFees()` and `claimRewards()`. Consequently, attackers were able to manipulate the contract to extract excess funds by exploiting the miscalculated rewards and fees.
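
The sender mismatch described above can be shown in a small model that doubles as an invariant check for audits. This is an added example, not DBXen's code: the class, function and address names are hypothetical, and only the ERC-2771 rule (a trusted forwarder appends the original signer's 20-byte address to the calldata) comes from the standard.

```python
# Toy model of ERC-2771 sender resolution; all names here are hypothetical.
FORWARDER = "0x" + "f0" * 20   # constructed trusted-forwarder address
USER = "0x" + "a1" * 20        # constructed end-user address

def resolve_sender(msg_sender: str, calldata: bytes, trusted: str) -> str:
    """ERC-2771 rule: a trusted forwarder appends the real signer (20 bytes)."""
    if msg_sender == trusted and len(calldata) >= 20:
        return "0x" + calldata[-20:].hex()
    return msg_sender

class ToyBurner:
    def __init__(self, trusted: str, consistent: bool):
        self.trusted, self.consistent = trusted, consistent
        self.cycle = 1
        self.burned = {}             # account -> batches credited by the wrapper
        self.last_active_cycle = {}  # account -> cycle written by the callback

    def burn_batch(self, msg_sender: str, calldata: bytes, batches: int) -> None:
        account = resolve_sender(msg_sender, calldata, self.trusted)
        # Wrapper step: always keyed by the resolved (ERC-2771) sender.
        self.burned[account] = self.burned.get(account, 0) + batches
        # Callback step: the flawed variant keys on the raw caller instead.
        self._on_token_burned(account if self.consistent else msg_sender)

    def _on_token_burned(self, who: str) -> None:
        self.last_active_cycle[who] = self.cycle

    def split_accounts(self) -> list:
        """Invariant: every credited account must also have its activity cycle set."""
        return sorted(a for a in self.burned if a not in self.last_active_cycle)

def run(consistent: bool, via_forwarder: bool) -> list:
    c = ToyBurner(FORWARDER, consistent)
    selector = bytes.fromhex("deadbeef")  # constructed 4-byte selector
    if via_forwarder:
        c.burn_batch(FORWARDER, selector + bytes.fromhex(USER[2:]), 1)
    else:
        c.burn_batch(USER, selector, 1)
    return c.split_accounts()

if __name__ == "__main__":
    print("flawed, direct:   ", run(False, False))
    print("flawed, forwarded:", run(False, True))
    print("fixed, forwarded: ", run(True, True))
```

The two code paths only diverge when the call arrives through the forwarder, which is why tests that exercise direct calls alone do not surface this class of bug.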
