Ancilia: The root cause of the ParaSpace attack occurred in the scaledBalanceOf() function of the 0xddde3 contract
According to the Web3 network security company Ancilia, the root cause of the attack on the NFT lending protocol ParaSpace lies in the scaledBalanceOf() function of the contract 0xddde38696fbe5d11497d72d8801f651642d62353, which is used to calculate a user's collateral through the supply() function. Manipulating the number of APE tokens in the function getPooledApeByShares() makes scaledBalanceOf() return a large value. A user can then be credited with a large amount of collateral and use it to borrow more assets.
Interpretation of this information:
In recent news, Ancilia, a Web3 network security company, has identified the root cause of the attack on the NFT lending protocol ParaSpace. The contract 0xddde38696fbe5d11497d72d8801f651642d62353, which calculates a user's collateral through the supply() function, was exploited through its scaledBalanceOf() function. By manipulating the number of APE tokens in the getPooledApeByShares() function, users were able to obtain a large amount of collateral and use it to borrow more assets.
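The following added example is a simplified Python model, not ParaSpace's contract code, of why a collateral figure read from a spot share-to-APE conversion follows any change in the pooled amount, next to one possible guard that refuses to value collateral when the rate jumps. The proportional formula, the `GuardedValuation` class, the 5% bound and all numbers are assumptions made for illustration.

```python
from fractions import Fraction


class SharePool:
    """Simplified share accounting (assumed formula, not the real contract)."""

    def __init__(self, total_pooled_ape, total_shares):
        self.total_pooled_ape = total_pooled_ape
        self.total_shares = total_shares

    def get_pooled_ape_by_shares(self, shares):
        # Spot conversion: the result scales with the pool's current APE amount.
        return shares * self.total_pooled_ape // self.total_shares


def scaled_balance_of(pool, user_shares):
    # Unguarded collateral read: trusts the spot conversion as-is.
    return pool.get_pooled_ape_by_shares(user_shares)


class GuardedValuation:
    """Hypothetical mitigation: reject reads after an abrupt rate increase."""

    def __init__(self, pool, max_jump_bps=500):
        self.pool = pool
        self.max_jump_bps = max_jump_bps
        self.last_rate = Fraction(pool.total_pooled_ape, pool.total_shares)

    def scaled_balance_of(self, user_shares):
        rate = Fraction(self.pool.total_pooled_ape, self.pool.total_shares)
        limit = self.last_rate * (10_000 + self.max_jump_bps) / 10_000
        if rate > limit:
            raise ValueError("share rate moved beyond bound; collateral not valued")
        self.last_rate = rate  # accept the new rate as the next baseline
        return self.pool.get_pooled_ape_by_shares(user_shares)


def demo():
    pool = SharePool(total_pooled_ape=1_000, total_shares=1_000)  # constructed values
    guard = GuardedValuation(pool)
    before = scaled_balance_of(pool, 100)
    pool.total_pooled_ape = 1_000_000  # pooled APE changes, share count does not
    after = scaled_balance_of(pool, 100)
    try:
        guard.scaled_balance_of(100)
        blocked = False
    except ValueError:
        blocked = True
    return before, after, blocked
```

The same 100 shares are valued at 100 and then 100,000 by the unguarded read, while the guarded read raises instead of returning the inflated figure.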
This vulnerability in the ParaSpace protocol highlights the importance of secure coding practices and regular security audits. Attacks on DeFi platforms have increased in frequency and sophistication, making it crucial for developers and users to stay vigilant and up to date with the latest security measures. It also emphasizes the need for more robust testing frameworks that identify potential vulnerabilities before contracts are deployed on the mainnet.
In conclusion, the ParaSpace attack serves as a reminder of the need for secure coding practices and regular security audits. The use of DeFi platforms continues to increase, and with it, the frequency and sophistication of attacks. As such, it is crucial for developers and users to prioritize security and stay up-to-date with the latest security measures.