AzukiDao’s governance token contract, known as “bean,” has been exploited through a critical vulnerability. According to a report by @MetaSleuth, two attackers took advantage of the flaw and profited by acquiring 35 ETH. The exploit was possible because the contract performed inadequate checks on the signatureClaimed variable, leaving it open to replay attacks. As a security measure, the contract has since been paused, preventing any further exploitation.
@MetaSleuth, a reputable source of blockchain security analysis, brought attention to the vulnerability in AzukiDao’s contract. Their investigation revealed that the signatureClaimed variable, which should have been properly verified and validated, was not adequately checked. This oversight enabled the attackers to conduct replay attacks, exploiting the vulnerability multiple times for personal gain.
Replay attacks are a class of attack in which an attacker captures a valid transaction or signed message and resubmits it so that the network processes it again. In this case, the vulnerability in AzukiDao’s contract allowed the attackers to replay their initial transaction, resulting in the unauthorized acquisition of 35 ETH. The incident highlights the importance of meticulous code review and rigorous testing before deploying smart contracts on the blockchain.
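To make the failure mode concrete, the following Solidity contract is an added illustration, not AzukiDao’s “bean” code and not taken from the report. It shows a signed-claim pattern in a deliberately vulnerable form beside a hardened form. The `signer` role, the claim layout (recipient, amount, nonce), the `ecrecover`-based verification and the simple balance bookkeeping are assumptions made for the example; only the variable name `signatureClaimed` is borrowed from the article’s description.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of a signed-claim distribution with and without replay
/// protection. This is NOT AzukiDao's "bean" contract: the claim layout, the
/// `signer` role and the balance logic are assumptions made for the example.
contract SignedClaim {
    address public immutable signer;   // off-chain key that authorises claims
    address public immutable owner;    // may pause the contract
    bool public paused;

    mapping(address => uint256) public balanceOf;
    // Records every redeemed claim so the same voucher cannot be used twice.
    mapping(bytes32 => bool) public signatureClaimed;

    event Claimed(address indexed to, uint256 amount, uint256 nonce);

    constructor(address signer_) {
        require(signer_ != address(0), "zero signer"); // ecrecover returns 0 on failure
        signer = signer_;
        owner = msg.sender;
    }

    modifier whenNotPaused() {
        require(!paused, "paused");
        _;
    }

    /// Emergency stop, the kind of measure the article describes AzukiDao taking.
    function setPaused(bool value) external {
        require(msg.sender == owner, "not owner");
        paused = value;
    }

    /// Digest the off-chain signer commits to. Binding the contract address and
    /// chain id stops a voucher signed for one deployment being replayed on another.
    function claimDigest(address to, uint256 amount, uint256 nonce) public view returns (bytes32) {
        bytes32 inner = keccak256(abi.encode(address(this), block.chainid, to, amount, nonce));
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    function _verify(bytes32 digest, uint8 v, bytes32 r, bytes32 s) internal view {
        // Reject the high-s form so that a malleated copy of a valid signature is not
        // accepted as a "different" signature for the same claim (secp256k1 n/2 bound).
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        require(ecrecover(digest, v, r, s) == signer, "bad signature");
    }

    /// VULNERABLE: the signature is checked, but nothing records that this voucher
    /// has already been redeemed, so the same (to, amount, nonce, sig) tuple can be
    /// submitted again and credited again. Kept here only to show the defect.
    function claimVulnerable(address to, uint256 amount, uint256 nonce,
                             uint8 v, bytes32 r, bytes32 s) external whenNotPaused {
        bytes32 digest = claimDigest(to, amount, nonce);
        _verify(digest, v, r, s);
        balanceOf[to] += amount;
        emit Claimed(to, amount, nonce);
    }

    /// HARDENED: check that the claim is unspent and mark it spent before any value
    /// moves (checks-effects-interactions), keyed on the claim digest rather than on
    /// the raw signature bytes.
    function claim(address to, uint256 amount, uint256 nonce,
                   uint8 v, bytes32 r, bytes32 s) external whenNotPaused {
        bytes32 digest = claimDigest(to, amount, nonce);
        require(!signatureClaimed[digest], "already claimed");
        _verify(digest, v, r, s);
        signatureClaimed[digest] = true;
        balanceOf[to] += amount;
        emit Claimed(to, amount, nonce);
    }
}
```

The two design choices worth noting are where the replay guard sits and what it is keyed on: the `signatureClaimed` entry is written before the balance update so that no code path can credit a claim without also spending it, and it is keyed on the claim digest rather than the signature bytes, because a signature-keyed guard could be bypassed by an otherwise-valid malleated copy of the same signature. A reviewer auditing a claim function should check both points, as well as that the digest binds the contract address and chain id.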
Upon discovering the exploit, the AzukiDao development team swiftly responded by pausing the contract. By halting its functionality, they aim to prevent any further malicious activities and safeguard the community’s funds. This proactive measure demonstrates AzukiDao’s commitment to ensuring the security and trustworthiness of their platform.
The incident serves as a reminder for the broader blockchain community to prioritize security and conduct regular audits of smart contracts.