one thing overlooked in the @TypusFinance hack is the code as intended. allowed the UpdateAuthority (the team) to set the price and twap for any oracle, to any arbitrary value
the design without any bugs, already requires users to fully trust the team rather than external oracle providers
and this design is quite common across perps products
Quickly help everyone go through the vulnerability of @TypusFinance:
This time, the Typus vulnerability lies in oracle manipulation, specifically in the oracle pricing part.
Unauthorized accounts can modify prices.
The hacker used this operation to purchase $Sui, $USDC, $XBTC, and $ETH at very low prices.
It is a very basic permission management vulnerability, and auditing companies really need to step up their game.
3,436
20
本頁面內容由第三方提供。除非另有說明,OKX 不是所引用文章的作者,也不對此類材料主張任何版權。該內容僅供參考,並不代表 OKX 觀點,不作為任何形式的認可,也不應被視為投資建議或購買或出售數字資產的招攬。在使用生成式人工智能提供摘要或其他信息的情況下,此類人工智能生成的內容可能不準確或不一致。請閱讀鏈接文章,瞭解更多詳情和信息。OKX 不對第三方網站上的內容負責。包含穩定幣、NFTs 等在內的數字資產涉及較高程度的風險,其價值可能會產生較大波動。請根據自身財務狀況,仔細考慮交易或持有數字資產是否適合您。