SuperRare $730,000 exploit was easily preventable — Experts weigh in


NFT trading platform SuperRare suffered a $730,000 exploit on Monday due to a basic smart contract bug that experts say could have easily been prevented with standard testing practices.

SuperRare’s (RARE) staking contract was exploited on Monday with around $731,000 worth of RARE tokens stolen, according to crypto cybersecurity firm Cyvers.

The vulnerability stems from a function meant to allow only specific addresses to modify the Merkle root, a critical data structure that determines user staking balances. However, the logic was mistakenly written to allow any address to interact with the function.

0xAw, lead developer at Base decentralized exchange Alien Base, pointed out that the mistake in question was obvious enough to be caught by ChatGPT. Cointelegraph independently verified that OpenAI’s o3 model successfully identified the flaw when tested.

Relevant code in the SuperRare token staking contract. Source: Cointelegraph

“ChatGPT would’ve caught this, any half competent Solidity dev would’ve caught this. Basically anyone, if they looked. Most likely nobody did,” 0xAw told Cointelegraph.

SuperRare co-founder Jonathan Perkins told Cointelegraph that no core protocol funds were lost, and affected users will be made whole. He said that it appears that 61 wallets are affected.

“We’ve learned from it, and now future changes will go through a much more robust review pipeline,” he said.

Related: Crypto hacks surpass $3.1B in 2025 as access flaws persist: Hacken

Anatomy of a vulnerability

To determine whether changing the Merkle root should be allowed, the smart contract checked if the interacting address was not a specific address or the contract’s owner. This is the opposite logic to what was intended to be enforced, allowing anyone to siphon the staked RARE out of the contract.

The line containing the relevant check. Source: Cointelegraph

A senior engineer at crypto insurance firm Nexus Mutual told Cointelegraph that “unit tests would have caught this mistake.”

Mike Tiutin, blockchain architect and chief technology officer at AMLBot, said, “It’s a silly mistake of the developer that was not covered by tests (that’s why full coverage is important).”

AMLBot CEO Slava Demchuk came to the same conclusion, noting that “there was no extensive testing (or a bug bounty program) that could have found it pre-deployment.” He highlighted the importance of testing, noting that it is a “classic example why smart contract logic must be rigorously audited.” He added:

“This stands as a stark reminder: in decentralized systems, even a one-character mistake can have severe consequences.”

While Perkins insisted the contracts were audited and unit-tested, he acknowledged that the bug was introduced late in the process and wasn’t covered in final test scenarios:

“It’s a painful reminder of how even small changes in complex systems can have unintended consequences.”

Related: Indian crypto exchange CoinDCX hacked, $44M drained

The importance of unit testing

Unit tests are small, automated tests that check whether individual parts (“units”) of a program — typically functions or methods — work as expected. Each test targets a specific behavior or output based on a given input, helping to catch bugs early.

In this case, tests verifying which addresses can and cannot call the function that modifies the Merkle root would have failed against the inverted check.
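The check described in the “Anatomy of a vulnerability” section and the unit tests discussed here, rendered as an added Solidity example. This is not SuperRare’s contract and not the code in Cointelegraph’s screenshots: the contract name, the function names, the `updater` role standing in for the article’s “specific address”, and the exact shape of the inverted condition are assumptions made for illustration. Only the behaviour, that every caller passes the check, follows from the article. The Foundry test contract below exercises both the allowed callers and a rejected caller against the buggy and the corrected setter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal staking contract: NOT the SuperRare code. Only the
// access check around the Merkle-root setter is modelled; staking and claim
// logic are omitted. "updater" stands in for the article's "specific address".
contract RootedStaking {
    address public immutable owner;
    address public immutable updater;
    bytes32 public merkleRoot;

    constructor(address updater_) {
        require(updater_ != msg.sender, "updater must differ from owner");
        owner = msg.sender;
        updater = updater_;
    }

    // Vulnerable shape, following the article's description: the check asks
    // whether the caller is NOT the updater OR NOT the owner. No single
    // address is both, so one side is always true and every caller passes.
    function setMerkleRootBuggy(bytes32 newRoot) external {
        require(msg.sender != updater || msg.sender != owner, "not authorised");
        merkleRoot = newRoot;
    }

    // Corrected shape: the caller must be the owner or the designated updater.
    function setMerkleRoot(bytes32 newRoot) external {
        require(msg.sender == owner || msg.sender == updater, "not authorised");
        merkleRoot = newRoot;
    }
}

// Foundry unit tests. The positive case passes against BOTH setters, so a
// happy-path-only suite would not have caught the bug; the negative case
// (an unauthorised caller must be rejected) is the one that fails.
contract RootedStakingTest is Test {
    RootedStaking staking;
    address updater = makeAddr("updater");
    address stranger = makeAddr("stranger");

    function setUp() public {
        staking = new RootedStaking(updater); // this test contract is the owner
    }

    function test_OwnerAndUpdaterCanSetRoot() public {
        staking.setMerkleRoot(bytes32(uint256(1)));
        assertEq(staking.merkleRoot(), bytes32(uint256(1)));

        vm.prank(updater);
        staking.setMerkleRoot(bytes32(uint256(2)));
        assertEq(staking.merkleRoot(), bytes32(uint256(2)));
    }

    function test_StrangerCannotSetRoot() public {
        vm.prank(stranger);
        vm.expectRevert(bytes("not authorised"));
        staking.setMerkleRoot(bytes32(uint256(3)));
    }

    // The same negative case against the buggy setter. The stranger's call
    // succeeds instead of reverting, so Foundry reports this test as FAILED:
    // that failure is the early warning the article says never happened.
    function test_BuggySetter_StrangerIsRejected() public {
        vm.prank(stranger);
        vm.expectRevert(bytes("not authorised"));
        staking.setMerkleRootBuggy(bytes32(uint256(4)));
    }
}
```

Run with `forge test` in a Foundry project that has `forge-std` installed. The first two tests pass against the corrected setter; the third fails because the stranger’s call on the buggy setter does not revert. The point of the example is the second and third tests: a suite that only checks that the owner can update the root passes against both versions, which is why an access check needs a test for the caller that must be refused, not just the caller that must be allowed.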

“By oversight or inadequate testing, the effect was the same: an avoidable vulnerability that cost massively,” Demchuk told Cointelegraph.

0xAw similarly said that “the problem was, of course, the apparently complete lack of testing.” He said that “it’s not even a kind of code that works well in normal conditions, and fails if you push it in the right places.”

“This code just does the opposite of what you expect,” he added.

Perkins told Cointelegraph that moving forward, SuperRare has introduced new workflows that mandate re-audits for any post-audit changes, no matter how minor.

Most vulnerabilities are oversights

0xAw said that the mistake itself is “a normal human error.” What he views as a “monumental mistake” is that it “made it to production and stayed there.”

0xAw highlighted that the vast majority of serious vulnerabilities originate from “really stupid and easily preventable mistakes.” Still, he admitted that “they’re usually a bit harder to notice than this.”

Hacken’s head of incident response, Yehor Rudytsia, agreed that thorough test coverage would have caught the flaw.

“If reviewing this function, it’s a pretty obvious bug,” he said.

Magazine: North Korea crypto hackers tap ChatGPT, Malaysia road money siphoned: Asia Express
