Low | Medium | High | Critical | Total | |
---|---|---|---|---|---|
Not fixed | - | - | - | - | 0 |
Fixed | 5 | 2 | - | - | 7 |
Total | 5 | 2 | 0 | 0 | 7 |
Click to show description
Quick Summary On March 30, 2023, the RPL balance of the poap.eth wallet (0xf6B6F07862A02C85628B3A9688beae07fEA9C863) was drained due to a phishing attack. Details of the Exploit The attacker used a phishing attack against the owner of the poap.eth wallet and gained a significant allowance in RPL tokens. Two different exploiter addresses then executed the transferFrom() function, resulting in the theft of 21,474 and 64,423 tokens. The RPL tokens were subsequently swapped to ETH and dispersed between a few different wallets. Block Data Reference Approve tx: https://etherscan.io/tx/0xd36e7d75f9d5ff768d5ae53277f44ce5d130c6362cb06ca12d02023bd0373add transferFrom tx: https://etherscan.io/tx/0x13cd0edda83aa778b81f877e2be1e49c070b1fb93aeb777a0399a613abd0f632 https://etherscan.io/tx/0xc3a9d6e486fe39d370e8fceab28f6d4b98ff98b5b1be9228681260f01a69819b
# | Name | Auditor | Date | Chains | Issues |
---|---|---|---|---|---|
1 | Rocket Pool (Houston) | Consensys | 2023/11/30 | Off-Chain (Private) | No active critical issues |
2 | Rocket Pool Atlas (v1. | Consensys | 2022/12/31 | Off-Chain (Private) | No active critical issues |
3 | Rocketpool | Consensys | 2021/03/31 | Off-Chain (Private) | 2 active critical issues |