SlowMist
SlowMist|Jul 15, 2026 03:25
🚨SlowMist TI Alert🚨 💸 @dripsnetwork Loss: 24,882.99 DAI 🔍 Root Cause: Integer type conversion flaw in `DaiDripsHub`'s `give(address,uint128)` function. The function converts `uint128 amt` to `int128` without validating `amt <= type(int128).max`. Attackers pass `2^128 - reserveBalance` (exceeding int128 max), causing `int128(amt)` to become a negative value. `-int128(amt)` then becomes positive, flipping the transfer direction from "user pays" to "reserve withdraws to user," draining DAI. 📌 Attacker: 0x84da7a5e2315eb798f04b75554aeb15047269cce 📌 Victim Contract (DaiReserve): 0xf9bbb2df44cfe46e501cf91c99b2f8fef9d9d44a 📌 Vulnerable Contract (Hub Proxy): 0x73043143e0a6418cc45d82d4505b096b802fd365 📌 Attack Contract: 0x00c64b5a926ba1fcec30efad88c344c619f54f12 Summary: Missing input validation allows a crafted `give()` call to reverse fund flow, draining the reserve. Powered by http://SlowMist.AI Tx: https://etherscan.io/tx/0xc38a6e2259a85ced94238a0b0a49697992f2a6b8140c28f3fd2343d3d8434130 https://polygonscan.com/tx/0x0a82994697f867970a33b9d88e57f80255dd8b50bfaeed3daf7b9e3cfbec6ac7(SlowMist)
+3
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads