SlowMist warns about ‘fake deposit’ flaw in Lido Token contract
Blockchain security firm SlowMist says malicious actors have already exploited the vulnerability in the LDO Token contract on several cryptocurrency exchanges. A blockchain security firm, SlowMist, took to X (formerly Twitter) to warn users about a “known operational issue” in the LDO Token contract , saying the vulnerability has already been exploited on trading platforms without naming them. In an X post published on Sept. 10, the blockchain firm cautioned users about the so-called “fake deposit” attack, which allows bad actors to remotely execute a transfer operation where the requested value is larger than what the victim owns. Specifically, when the LDO token contract executes a transfer operation with a quantity exceeding the user's actual holdings, it doesn't trigger the usual transaction rollback. Instead, it merely returns “false” as the outcome rather than indicating a failure. — SlowMist (@SlowMist_Team) September 10, 2023 Y...