PANews|Jul 15, 2026 03:27
[Drips Network Loses 25,000 DAI Due to Integer Conversion Vulnerability]
According to a SlowMist security alert, the `give` function in the DaiDripsHub contract of Drips Network contains an integer type conversion vulnerability, resulting in a loss of 24,882.99 DAI. The root cause of the vulnerability lies in the failure to verify `amt <= type(int128).max` when converting `uint128 amt` to `int128`. The attacker passed in `2^128 - reserveBalance` (exceeding the maximum value of `int128`), causing `int128(amt)` to become a negative value. The negation `-int128(amt)` then turned into a positive value, reversing the fund flow from "user payment" to "reserve withdrawal to user," thereby depleting the DAI reserves. The attacker's address, the victim contract, and the attack contract have been publicly disclosed.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink