A behaviour of the $LDO token contract's transfer function was recently used by attackers to carry out "fake deposit" attacks on exchanges, according to a security alert issued by cryptocurrency security firm SlowMist.
According to SlowMist, the $LDO token contract does not revert when a sender lacks sufficient balance. The ERC20 specification says a transfer in that situation should throw, but it also explicitly warns that callers must handle a `false` return value and must not assume `false` is never returned. The $LDO contract takes that second path: transfer() simply returns `false`, the transaction is mined successfully (receipt status 1) and no state is changed.
This means that a malicious user can submit a transfer() call to an exchange's deposit address for more $LDO than they actually hold. The transaction does not fail, so an exchange that credits deposits based only on the transaction succeeding and on the amount in the calldata will credit a balance that never arrived. The user can then withdraw other tokens from the exchange against that phantom balance.
SlowMist recommended several actions for exchanges and other platforms that integrate $LDO tokens to prevent such attacks. These include:
- When crediting token deposits, checking not only whether the transaction succeeded, but also what the token contract itself reports: the return value of transfer()/transferFrom() and the Transfer event emitted by the token contract.
- Conducting a comprehensive analysis of the token contract code before integrating a new token, especially one that deviates from the ERC20 standard (non-reverting transfers, fee-on-transfer or rebasing balances, missing return values).
- Performing regular code audits and security checks of the deposit and withdrawal pipeline to ensure the robustness and security of the system.
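The following is an added example, not code from SlowMist or from the article, showing the first recommendation as a deposit-crediting check. It compares the naive pattern (trust receipt status plus the amount in the calldata) against a check that credits only what the token contract reported through a `Transfer` event in the receipt logs, plus a helper for decoding the boolean return value if it is fetched separately (the receipt does not carry it; it has to be obtained by replaying the call with `eth_call` at that block or via `debug_traceTransaction`). The receipts, addresses and `Receipt`/`Log` classes are constructed for the example; a transfer that fails by merely returning `false` moves no balance and so should emit no `Transfer` event, which is what the check relies on.

```python
"""Deposit-crediting check for a token whose transfer() returns false instead of reverting.

Added example for the SlowMist $LDO advisory above. All addresses, receipts and
the Receipt/Log structures below are constructed for illustration (assumptions),
mirroring the fields of an Ethereum transaction receipt.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Well-known ABI constants for ERC20.
TRANSFER_SELECTOR = "a9059cbb"  # keccak256("transfer(address,uint256)")[:4]
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"  # keccak256("Transfer(address,address,uint256)")


@dataclass
class Log:
    address: str         # contract that emitted the log
    topics: List[str]    # topic0 = event signature, topic1 = from, topic2 = to (32-byte hex)
    data: str            # ABI-encoded non-indexed fields (here: value, 32 bytes)


@dataclass
class Receipt:
    status: int          # 1 = mined without revert, 0 = reverted
    to: str              # contract that was called
    sender: str          # transaction sender
    input: str           # calldata of the transaction
    logs: List[Log] = field(default_factory=list)


def _strip(h: str) -> str:
    return h[2:] if h.startswith("0x") else h


def decode_transfer_calldata(calldata: str) -> Optional[Tuple[str, int]]:
    """Decode transfer(address,uint256) calldata into (to, value); None if it is not a transfer()."""
    h = _strip(calldata)
    if h[:8] != TRANSFER_SELECTOR or len(h) != 8 + 64 + 64:
        return None
    to = "0x" + h[8 + 24:8 + 64]          # address is right-aligned in a 32-byte word
    value = int(h[8 + 64:8 + 128], 16)
    return to.lower(), value


def naive_credit(receipt: Receipt, token: str, hot_wallet: str) -> int:
    """The pattern SlowMist warns about: a successful tx plus the calldata amount is treated as a deposit."""
    if receipt.status != 1 or receipt.to.lower() != token.lower():
        return 0
    decoded = decode_transfer_calldata(receipt.input)
    if decoded is None:
        return 0
    to, value = decoded
    return value if to == hot_wallet.lower() else 0


def safe_credit(receipt: Receipt, token: str, hot_wallet: str) -> int:
    """Credit only what the token contract itself reported: Transfer events it emitted to the hot wallet."""
    if receipt.status != 1:
        return 0
    credited = 0
    for log in receipt.logs:
        if log.address.lower() != token.lower():
            continue                                   # ignore events from other contracts
        if len(log.topics) != 3 or log.topics[0].lower() != TRANSFER_TOPIC:
            continue
        to = "0x" + _strip(log.topics[2])[-40:]
        if to.lower() != hot_wallet.lower():
            continue
        credited += int(log.data, 16)
    return credited


def transfer_returned_true(return_data: str) -> bool:
    """Decode the bool returned by transfer(); return_data comes from eth_call at the block or a tx trace.

    Empty return data means the token returns nothing at all (another ERC20 deviation) and is treated as failure here.
    """
    h = _strip(return_data)
    return len(h) == 64 and int(h, 16) == 1


# ---- Constructed sample data (not real addresses or transactions) ----
TOKEN = "0x" + "11" * 20          # hypothetical non-reverting token contract
HOT_WALLET = "0x" + "22" * 20     # hypothetical exchange deposit address
ATTACKER = "0x" + "33" * 20       # hypothetical depositor
AMOUNT = 10**21                   # 1000 tokens with 18 decimals
CALLDATA = "0x" + TRANSFER_SELECTOR + "0" * 24 + "22" * 20 + format(AMOUNT, "064x")

# transfer() returned false: mined, status 1, but no Transfer event was emitted.
FAKE_RECEIPT = Receipt(status=1, to=TOKEN, sender=ATTACKER, input=CALLDATA, logs=[])

# A genuine transfer: same calldata, and the token emitted Transfer(attacker, hot_wallet, AMOUNT).
REAL_RECEIPT = Receipt(
    status=1, to=TOKEN, sender=ATTACKER, input=CALLDATA,
    logs=[Log(address=TOKEN,
              topics=[TRANSFER_TOPIC, "0x" + "0" * 24 + "33" * 20, "0x" + "0" * 24 + "22" * 20],
              data="0x" + format(AMOUNT, "064x"))],
)

if __name__ == "__main__":
    print("naive credit on fake deposit:", naive_credit(FAKE_RECEIPT, TOKEN, HOT_WALLET))
    print("safe credit on fake deposit: ", safe_credit(FAKE_RECEIPT, TOKEN, HOT_WALLET))
    print("safe credit on real deposit: ", safe_credit(REAL_RECEIPT, TOKEN, HOT_WALLET))
```

The naive path credits the full 1000 tokens for the mined-but-failed transfer, while the event-based path credits nothing. In production, a second independent check is comparing `balanceOf(hot_wallet)` before and after the block, which also catches fee-on-transfer and rebasing tokens that emit a `Transfer` for a different amount than actually arrives.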
*This is not investment advice.