White Hat Group Recovers NFTs Worth Over $500,000 After Flooring Protocol Bug

According to Odaily Planet Daily, Solidity security researcher Quit has published an analysis of a vulnerability in Flooring Protocol. Quit said the attacker abused a flaw in the BT404-style accounting logic's ownership validation, creating a "phantom ownership" condition. By combining that issue with multiple integer underflow bugs, the attacker was able to generate unlimited fpToken balances, sell the tokens, and drain liquidity from the protocol. Quit added that they later identified an additional attack path impacting more liquidity pools. Together with several security researchers, they launched a white-hat rescue to move assets out of Flooring Protocol's exposed pools. The team recovered 66 NFTs in total: 29 BAYCs, 4 MAYCs, 2 CryptoPunks, 1 Azuki, 2 Elementals, 26 Captains, 1 Moonbird, 2 Doodles, and 1 BAKC. The assets are valued at more than $500,000. Quit urged users not to deposit further NFTs into Flooring Protocol and said the recovered NFTs will be returned to their rightful owners in the coming weeks.