CertiK Monitoring: NFT market suspected of being attacked by Flash Loans contracts, with logic vulnerabilities in makeOffer and acceptOffer.

WuSaidBlockchainW · 2025-04-08T09:18:50+00:00

CertiK has issued an alert, revealing an attack exploiting vulnerabilities in Flash Loans and NFT market contracts. The attacker used zero-fee Flash Loan operations to exploit the vulnerabilities in the NFT market, allowing for asset transfer before repaying the loan. No funds have been lost so far, and it is recommended that relevant projects immediately review their permission and parameter verification mechanisms.

WuSaidBlockchainW

2025-04-08 09:18:50

Abstract generation in progress

Wu said that CertiK issued an alert that it detected an attack that was suspected of exploiting a vulnerability in the contract of the flash loan and NFT marketplace. The attacker initiates an operation through a 0-fee flash loan, and exploits the deleGate.iocall and quotation logic vulnerabilities (makeOffer and acceptOffer) in the NFT marketplace to return the flash loan after the abnormal transfer of assets, completing a “traceless exit”. At present, there has been no direct financial loss, but it is recommended that projects that use the deleGate.iocall quotation logic immediately review the permission control and parameter verification mechanism.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.