one thing overlooked in the @TypusFinance hack is the code as intended. allowed the UpdateAuthority (the team) to set the price and twap for any oracle, to any arbitrary value
the design without any bugs, already requires users to fully trust the team rather than external oracle providers
and this design is quite common across perps products
Quickly help everyone go through the vulnerability of @TypusFinance:
This time, the Typus vulnerability lies in oracle manipulation, specifically in the oracle pricing part.
Unauthorized accounts can modify prices.
The hacker used this operation to purchase $Sui, $USDC, $XBTC, and $ETH at very low prices.
It is a very basic permission management vulnerability, and auditing companies really need to step up their game.
4,017
21
本页面内容由第三方提供。除非另有说明,欧易不是所引用文章的作者,也不对此类材料主张任何版权。该内容仅供参考,并不代表欧易观点,不作为任何形式的认可,也不应被视为投资建议或购买或出售数字资产的招揽。在使用生成式人工智能提供摘要或其他信息的情况下,此类人工智能生成的内容可能不准确或不一致。请阅读链接文章,了解更多详情和信息。欧易不对第三方网站上的内容负责。包含稳定币、NFTs 等在内的数字资产涉及较高程度的风险,其价值可能会产生较大波动。请根据自身财务状况,仔细考虑交易或持有数字资产是否适合您。