Security company Blockaid said it has detected the Lumi Finance protocol on Arbitrum being attacked, with losses currently around $270k. Preliminary analysis indicates the vulnerability is related to the Sodium smart account, which executes token approvals during UserOp validation, allowing attackers to obtain multiple account approvals via a malicious Paymaster and transfer funds.

ARB-3.51%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 4
  • 2
  • Share
Comment
Add a comment
Add a comment
ReorgPanicButton
· 13h ago
Sodium 智能账户这坑踩得太准了,UserOp 验证环节授权代币,Paymaster 直接被黑客当提款机用,27万刀买个教训
Reply0
PettyLp
· 13h ago
Arbitrum 上这协议名字听着挺亮,代码审计估计没做透,攻击者批量撸授权的手法挺熟练
Reply0
ProofOfNap
· 13h ago
27万刀损失说大不大,但 Sodium 这设计把授权和验证绑一块儿,抽象账户的复杂性真是双刃剑
Reply0
FarmingNoSleep
· 13h ago
又是模块化账户抽象的安全事故,L2 生态刚起势就挨锤,开发者们长点心吧
Reply0
  • Pinned