DIP Token Contract Exploited; $110,000 Lost After _transfer() Return Omission
SlowMist said it detected an attack on the DIP token contract on June 17 (UTC+8), with estimated losses of about $110,000. The firm attributed the exploit to a missing return statement in a routing branch of DIP's _transfer() function. When a transaction's from or to address is the PancakeSwap router contract, the contract executes the same transfer twice, enabling manipulation of the associated liquidity pool price. SlowMist founder Yu Xian said the issue could have been caught earlier if developers had used AI tools during code reviews. The attacker's contract has been verified and is publicly available on BscScan. (Source: Foresight News)
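The bug class described above, a router branch in a transfer function that moves funds and then falls through to the default path, can be caught by a balance-delta regression check. This is an added example, not DIP's contract code or SlowMist's analysis. The `ToyToken` model, the `ROUTER` stand-in and the sample balances are all constructed assumptions.

```python
# Simplified model of the bug class described above. Constructed for
# illustration; names (ROUTER, ToyToken) are hypothetical, not DIP's code.
ROUTER = "router"  # stand-in for the PancakeSwap router address


class ToyToken:
    def __init__(self, balances, fixed):
        self.balances = dict(balances)
        self.fixed = fixed  # True = router branch returns after moving funds

    def _move(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def transfer(self, src, dst, amount):
        if src == ROUTER or dst == ROUTER:
            self._move(src, dst, amount)  # router-specific branch
            if self.fixed:
                return  # the statement the report says was missing
            # without the return, execution falls through to the default path
        self._move(src, dst, amount)


def transfer_delta_violations(token, cases):
    """Regression check: each transfer must move exactly `amount`.

    Returns the (src, dst, amount, observed) tuples that break the rule.
    """
    bad = []
    for src, dst, amount in cases:
        before_src = token.balances.get(src, 0)
        before_dst = token.balances.get(dst, 0)
        token.transfer(src, dst, amount)
        sent = before_src - token.balances.get(src, 0)
        received = token.balances.get(dst, 0) - before_dst
        if sent != amount or received != amount:
            bad.append((src, dst, amount, received))
    return bad


# Constructed sample: one ordinary transfer and one in each router direction.
START = {"alice": 1000, "bob": 1000, ROUTER: 1000}
CASES = [("alice", "bob", 10), ("alice", ROUTER, 10), (ROUTER, "bob", 10)]

if __name__ == "__main__":
    print("buggy:", transfer_delta_violations(ToyToken(START, fixed=False), CASES))
    print("fixed:", transfer_delta_violations(ToyToken(START, fixed=True), CASES))
```

The ordinary transfer passes in both variants, so a test suite that never routes a transfer through the router address would not surface the fall-through.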