Phalcon: The TrustPad protocol was attacked due to several design flaws in the staking logic
Phalcon, a trading browser, claimed on social media X (formerly Twitter) that the TrustPad protocol was attacked due to several design flaws in the staking logic, namely manipulating the locking period through external calls from untrusted sources to obtain pending rewards. In the receiveUpPool function of the LaunchpadLockableStake contract, if an account is not locked, the depositLockStart time will be set. Then the attacker manipulates it to immediately deposit (through the receiveUpPool function) and withdraw to accumulate pending rewards. In addition, another function, stakePendingRewards, allows attackers to convert accumulated pending rewards into staked amounts, allowing them to extract staking rewards in the form of TPAD tokens in future transactions and sell tokens for profit.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Evaluating Probability of Ethereum Breaching the $4K Milestone Soon
Ethereum's Potential Bull Run Versus Existing Downward Forces: The Battle for the $4K Mark
What Stage of the Bitcoin Bull are We in? Are We Nearing The End Or Are We Just Getting Started?
Which stage of the bull run are we in in Bitcoin, the world's largest cryptocurrency? Are we nearing the end of the bull run? Here is the analyst forecast.
IOTA Rebased Testnet Onboards Trusted Validators Securing Billions in Assets
NEAR Protocol Supports Web3 AI With New $20M Development Fund
Trending news
MoreCrypto prices
More
