Last Issues (5)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | - | - | - | - | 0 |
Fixed | 3 | 2 | - | - | 5 |
| Total | 3 | 2 | 0 | 0 | 5 |
Reported rekts
Fantom was reported as rekt on 2022/06/30
Click to show description
Quick Summary A validator wallet was drained for 250k FTM by an attacker during the node setup process on Fantom network. The problem is a go-opera code bug, allowing users to unlock the local account with http/ws enabled. Details of the Exploit The attacker tracked the transfers to the node accounts, so he could know when and how much a validator account would receive, and taking advantage of the vulnerability, was able to steal money from the node validator. The vulnerability is in the UnlockAccount() function, in which the ExtRPCEnabled() flag does not work correctly, which makes the entire security check useless. As the time of this writing information on this case is scarce. More sources will be added if the case should develop.
Audit (1)
| # | Name | Auditor | Date | Chains | Issues |
|---|---|---|---|---|---|
| 1 | Sonic Opera Native Token Br... | OpenZeppelin | 2024/12/09 | Off-Chain (Private) | No active critical issues |