cryptocurrency According to a security alert issued by security company SlowMist, LDO A security issue in the token contract was recently exploited by hackers to conduct fraudulent deposit attacks on exchanges.
According to SlowMist, the LDO token contract does not follow the ERC20 standard, which states that a transfer transaction must bounce if the sender does not have sufficient funds. Instead, it simply returns “false” as a result, without triggering a transaction rollback on the LDO token contract.
This means that a malicious user could transfer more LDO tokens to an exchange than they actually have, and the exchange may not detect the error and credit the user’s account with the fake amount. The user can then withdraw other tokens from the exchange using the wrong balance.
SlowMist has suggested several actions for exchanges and other platforms integrating LDO tokens to prevent such attacks. These include:
- When performing token deposits, checking not only the success or failure of the transactions but also the return values of the token contract.
- Conduct a thorough analysis of the token contract code before integrating new tokens, especially those that do not comply with the ERC20 standard.
- Performing regular code audits and security checks to ensure the robustness and security of the system.
*Not investment advice.
For exclusive news, analysis and on-chain data Telegram our group, twitter our account and YouTube Follow our channel now! Moreover Android And iOS Start live price monitoring now by downloading our applications!