گوپلاس: صندوق استیکینگ نقدینگی ListaDAO مورد حمله قرار گرفت و مهاجم با بهرهگیری از یک آسیبپذیری منطقی، وجوه را سرقت کرد.
By: rootdata|2026/04/17 03:24:42
0
اشتراکگذاری
شرکت امنیتی GoPlus تحلیلی را منتشر کرد که در آن آمده است قرارداد گاوصندوق استیکینگ مایع (Liquid Staking Vault) ListaDAO به دلیل یک نقص در منطق کسبوکار مورد حمله قرار گرفته است. مهاجم هنگام انتقال توکنهای خاص، تابع محاسبه سهم قرارداد سود سهام را فعال کرد که این امر بر منطق توزیع پاداش گاوصندوق استیکینگ تأثیر گذاشت و در نهایت مقدار زیادی دارایی از قرارداد سرقت شد.
شرکت GoPlus Security یادآوری میکند که این آسیبپذیری منطقی در هر دو قرارداد Liquid Staking Vault و Dividend وجود دارد و هر فورک یا پیادهسازی مجدد، خطر بالایی برای سوءاستفاده شدن دارد. به شدت به توسعهدهندگان و پروژهها توصیه میشود که بازبینیها را انجام داده و آسیبپذیریها را بر اساس آن برطرف کنند. امنیت قرارداد هوشمند نباید به «بازرسیهای یکباره» متکی باشد.
ممکن است شما نیز علاقهمند باشید
I tested with $10,000: zero wear and tear, annualized 8%, and can earn points (with complete tutorial + screenshots)
Perps DEX newcomer StandX launches native stablecoin DUSD, achieving a real APY of 8.46% with its innovative three-tier yield mechanism, breaking the 3% traditional stablecoin interest rate ceiling.
Blockchain Capital Partner: The structure of on-chain dual-layer capital is still in the early stages of value discovery
How can the on-chain economy build a capital structure that promotes open innovation while also considering institutional scale?
Secured over $60 million in funding from Dragonfly, Sequoia, and others, learn about the on-chain derivatives protocol Variational | CryptoSeed
What is the difference with Hyperliquid?
The financial changes under the new SEC regulations: Opportunities and regulatory red lines behind "tokenized stocks"
In-depth analysis of "tokenized stocks": The SEC's advancement of an innovation exemption framework has sparked heated discussions, revealing the real risks behind third-party "synthetic asset" certificates and 24/7 trading.
SpaceX officially submitted its prospectus, unveiling the largest IPO in history
SpaceX's public market debut could take place as early as June, making it the first in a series of giant IPOs from AI companies, with OpenAI and Anthropic also waiting for the right moment.
Insiders: DeepSeek is forming a Harness team to compete with Claude Code
DeepSeek Code is coming.
Morning Report | SpaceX reveals it holds approximately $1.45 billion in Bitcoin; Nvidia's Q1 financial report shows revenue of $81.6 billion; Manus plans to raise $1 billion for buyback business
Overview of Important Market Events on May 21
IOSG Founder: Please tell Vitalik the truth, let the OGs who have enjoyed the industry's dividends enlighten the young people
The wage earners freeze to death on the road, the sellers of goods die of thirst on the way. The weavers of brocade wear coarse cloth, and the grain growers do not have enough to eat.
Morning Report | Deloitte acquires crypto infrastructure company Blocknative; stablecoin company Checker completes $8 million financing; a16z may have become the largest external institutional holder of HYPE
Overview of Important Market Events on May 20
Interpretation of xBubble SOP: Packaging Vibe Coding for non-technical users
DAPPOS has launched the low-threshold AI application xBubble, which innovatively automates the packaging of complex large model workflows with an SOP system, allowing users with no technical background to complete professional-level AI tasks with just one sentence.
From Followers to Price Setters: The Role of the Crypto Market is Reversing
The encryption platform successfully achieved precise pre-listing pricing on CBRS, indicating that Crypto is gradually transforming from a follower of traditional finance into a new pricing hub for global assets through innovative mechanisms.
a16z invested $356 million to aggressively acquire HYPE, surpassing Paradigm to become the largest external holding institution
Eight months later, the price of HYPE is approaching its previous high, and institutions like a16z, Goldman Sachs, and Grayscale are collectively taking action. What is their intention?
Coinbase stuffed USDC into Hyperliquid; who made money from this transaction?
On the surface, it seems like a good deal for Hyperliquid with doubled revenue, but in reality, Coinbase has obtained something more valuable: a global distribution channel for USDC. In a situation where it is besieged domestically and locked out by USDT overseas, embedding stablecoins into the larg...
Google officially declares war
Google has issued a challenge to all its competitors with three weapons: technology, traffic, and pricing.
It is Bankless that needs Ethereum, not Ethereum that needs Bankless
The role of Bankless is being replaced by a more decentralized, specialized, and diverse "narrative network."
تکامل سرمایهگذاری کریپتو: از “هیجان توکن” تا “واقعیت درآمد”
Key Takeaways سرمایهگذاری کریپتو در حال تبدیل شدن از دورهی حبابی به سمت تحلیلهای واقعی درآمد است. بانک…
تحلیل وضعیت فعلی و پیشبینی آینده بیتکوین
Key Takeaways پیشبینی میشود که 55000 دلار سطح بحرانی برای بیتکوین باشد و شکستن این سطح، تغییرات عمدهای…
تغییرات سرمایهگذاری بیتکوین: آیا نقطه عطف بازار نزدیک است؟
Key Takeaways قیمت بیتکوین به طور متوسط 8٪ زیر سطح خرید مایکل سیلور قرار دارد. تحلیلگران پیشبینی میکنند…
I tested with $10,000: zero wear and tear, annualized 8%, and can earn points (with complete tutorial + screenshots)
Perps DEX newcomer StandX launches native stablecoin DUSD, achieving a real APY of 8.46% with its innovative three-tier yield mechanism, breaking the 3% traditional stablecoin interest rate ceiling.
Blockchain Capital Partner: The structure of on-chain dual-layer capital is still in the early stages of value discovery
How can the on-chain economy build a capital structure that promotes open innovation while also considering institutional scale?
Secured over $60 million in funding from Dragonfly, Sequoia, and others, learn about the on-chain derivatives protocol Variational | CryptoSeed
What is the difference with Hyperliquid?
The financial changes under the new SEC regulations: Opportunities and regulatory red lines behind "tokenized stocks"
In-depth analysis of "tokenized stocks": The SEC's advancement of an innovation exemption framework has sparked heated discussions, revealing the real risks behind third-party "synthetic asset" certificates and 24/7 trading.
SpaceX officially submitted its prospectus, unveiling the largest IPO in history
SpaceX's public market debut could take place as early as June, making it the first in a series of giant IPOs from AI companies, with OpenAI and Anthropic also waiting for the right moment.
Insiders: DeepSeek is forming a Harness team to compete with Claude Code
DeepSeek Code is coming.
پشتیبانی مشتری:@weikecs
همکاری تجاری:@weikecs
معاملات کمّی و بازارسازی:bd@weex.com
برنامه VIP:support@weex.com
