Slow Mist: Drips Network Loses Approximately 24,900 DAI Due to Integer Conversion Vulnerability

robot
Abstract generation in progress
On July 5, Slow Mist reported that the decentralized tipping protocol Drips Network was attacked, resulting in a loss of approximately 24,900 DAI. Slow Mist's analysis indicates that the root of the attack lies in the integer conversion flaw in the give(address, uint128) function of the DaiDripsHub contract. This function converts a uint128 amount to int128 without verifying whether the input exceeds the maximum value of int128. The attacker exploited this by passing a specific value that exceeded the int128 range, causing the converted amount to become negative. This led to a reversal of the transfer direction, resulting in the reserve contract executing an abnormal withdrawal to the attacker's account, ultimately depleting the reserve funds.
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments