On February 28, 2023, MetaTrust’s on-chain monitoring engine discovered a serious security vulnerability in the recently open-sourced Zombier smart contract on the Ethereum blockchain. The contract has a reentrancy attack vulnerability and several parameter verification vulnerabilities, among other issues. If the client continues to use this contract, it may face significant security risks. For details, please see the vulnerability cause analysis report.
This post discusses the security challenges in the Web3 era and how the DevSecOps approach can be adopted to improve the security of the Web3 ecosystem. It emphasizes the importance of incorporating security analysis into the development process and introduces MetaTrust's tools and services for secure software development, including the world's first secure package manager for secure open-source development, an automatic security auditing tool for smart contracts, 24/7 runtime security monitoring, and a comprehensive security and risk score. By using these tools, developers can build a more secure and prosperous Web3 ecosystem.
On February 10, 2023, some reflection mechanism tokens on BNB Chain were attacked and spread to multiple tokens. MetaTrust conducted a thorough analysis and found several dozens of tokens that were not yet attacked through its exclusive IP Analyzer engine.
This blog post analyzes the BRA flash loan attack, which involved a series of transactions on the Binance Smart Chain. The attacker used a flash loan to borrow 1000 WBNB, which was then used to purchase and sell BRA tokens, resulting in an increase in circulation and a profit of approximately $310,000. The post also suggests using MetaTrust's Prover engine to troubleshoot ERC20 tokens for vulnerabilities and provides tips for preventing similar attacks.
An analysis of the Defrost Finance project hack that occurred on December 23, 2022. The hack involved a re-entrancy attack and a rug pull, resulting in the loss of over $12 million. This post provides transaction information, attack processes, and an analysis of the vulnerabilities that led to the hack. MetaScan has the ability to scan for these types of risks.
An analysis of the DFX Finance attack, focusing on the smart contract code. The attacker exploited a vulnerability in the Curve contract that allowed them to re-enter the deposit function and deposit borrowed tokens, which were then treated as repayment. The attack demonstrates the importance of carefully evaluating the impact of each callback and checking dependent state variables to avoid similar problems.