Slow Mist Analysis Truebit Security Event Reason: Contract Lack of Overflow Protection

SlowMist security team releases Truebit Protocol security incident analysis report. On January 8th, Truebit Protocol was attacked due to an integer overflow vulnerability in the Purchase contract. The attacker minted TRU tokens at near zero cost and stole 8535 ETH (approximately $26.44 million). The root cause of the incident was the lack of overflow protection mechanism in the contract, resulting in price calculation errors, and the stolen funds have been transferred to Tornado Cash. SlowMist suggests using SafeMath to protect arithmetic operations and prevent overflow vulnerabilities for contracts compiled before Solidity 0.8.0.