Security firm Blockaid has identified an exploit in a custom extension contract of the Ekubo Protocol on Ethereum, resulting in approximately $1.4 million in losses. The vulnerability arises from the contract's failure to verify if the payer is the lock initiator or an authorized payer during payment callbacks. This flaw allows attackers to use the transferFrom function to withdraw funds from users who have granted ERC-20 allowances to the contract. Currently, only users who have authorized the v2 contract as a spender are at risk.
Ekubo Protocol Exploit on Ethereum Causes $1.4 Million Loss
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.