Misty Fog: Drips Network lost about 24,900 DAI due to an integer conversion vulnerability

robot
Abstract generation in progress
Golden Finance reported that on July 5, according to SlowMist monitoring, the decentralized tipping protocol Drips Network was attacked, with losses of about 24.9k DAI.
SlowMist’s analysis shows that the root cause of this attack lies in an integer type conversion flaw in the give (address, uint128) function within the DaiDripsHub contract. The function converts a uint128-typed amount to int128 without verifying whether the provided input exceeds the maximum int128 value. The attacker passes in a specific value that is outside the int128 range, causing the converted amount to become negative, which in turn reverses the transfer direction. As a result, the reserve fund contract executes abnormal withdrawals to the attacker’s account, ultimately exhausting the reserve funds.
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned