SuperRare $730,000 exploit was easily preventable — Experts weigh in

NFT trading platform SuperRare suffered a $730,000 exploit on Monday due to a basic smart contract bug that experts say could have easily been prevented with standard testing practices.

SuperRare’s (RARE) staking contract was exploited on Monday with around $731,000 worth of RARE tokens stolen, according to crypto cybersecurity firm Cyvers.

The vulnerability is in a function meant to allow only specific addresses to update the staking contract's Merkle root, the commitment that determines which user staking balances the contract will honor. The authorization check in that function was written inverted, so instead of restricting it to those addresses it let any other address call it.

0xAw, lead developer at Base decentralized exchange Alien Base, pointed out that the mistake in question was obvious enough to be caught by ChatGPT. Cointelegraph independently verified that OpenAI’s o3 model successfully identified the flaw when tested.

Relevant code in the SuperRare token staking contract. Source: Cointelegraph

“ChatGPT would’ve caught this, any half competent Solidity dev would’ve caught this. Basically anyone, if they looked. Most likely nobody did,” 0xAw told Cointelegraph.

SuperRare co-founder Jonathan Perkins told Cointelegraph that no core protocol funds were lost, and affected users will be made whole. He said that it appears that 61 wallets are affected.

“We’ve learned from it, and now future changes will go through a much more robust review pipeline,” he said.

Anatomy of a vulnerability

To decide whether a caller could change the Merkle root, the contract required that the caller was not the designated address and not the contract's owner. That is the negation of the intended allow-list: the two authorized callers were rejected and every other address was let through. Because the root determines which staking balances the contract will pay out, anyone who could set it could siphon the staked RARE out of the contract.

The line containing the relevant check. Source: Cointelegraph

A senior engineer at crypto insurance firm Nexus Mutual told Cointelegraph that “unit tests would have caught this mistake.”

Mike Tiutin, blockchain architect and chief technology officer at AMLBot, said, “It’s a silly mistake of the developer that was not covered by tests (that’s why full coverage is important).”

AMLBot CEO Slava Demchuk also came to the same conclusion, noting that “there was no extensive testing (or a bug bounty program) that could have found it pre-deployment.” He highlighted the importance of testing, noting that it is a “classic example why smart contract logic must be rigorously audited.” He added:

“This stands as a stark reminder: in decentralized systems, even a one-character mistake can have severe consequences.”

While Perkins insisted the contracts were audited and unit-tested, he acknowledged that the bug was introduced late in the process and wasn’t covered in final test scenarios:

“It’s a painful reminder of how even small changes in complex systems can have unintended consequences.”

The importance of unit testing

Unit tests are small, automated tests that check whether individual parts (“units”) of a program — typically functions or methods — work as expected. Each test targets a specific behavior or output based on a given input, helping to catch bugs early.

In this case, a test that an authorized address can update the Merkle root and a test that an arbitrary address cannot would both have failed against the inverted check. The second one, the negative case asserting that an unauthorized caller is rejected, is the assertion a suite has to contain for an inverted condition to show up at all; a suite that only exercises the happy path from a privileged account can pass with the bug in place.
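The following is an added, illustrative reconstruction of the bug class described in the two sections above, written for this page; it is not SuperRare's source and the article does not reproduce the actual code. The contract layout, the names updater, updateMerkleRoot, claim and onlyUpdaterOrOwner, and the specific form of the inverted check (a negated allow-list) are assumptions chosen to match the article's description. It pairs the vulnerable check with a corrected one, shows why control of the root is equivalent to control of every balance, and includes the Foundry unit tests that would have failed against the vulnerable variant.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Illustrative reconstruction, not SuperRare's source. Names and layout are assumed.
interface IStaking {
    function updateMerkleRoot(bytes32 newRoot) external;
    function claim(uint256 amount, bytes32[] calldata proof) external;
    function merkleRoot() external view returns (bytes32);
}

abstract contract StakingBase is IStaking {
    address public immutable owner;
    address public immutable updater;           // the one non-owner address allowed to set the root
    bytes32 public override merkleRoot;         // commits to (account, amount) leaves
    mapping(address => uint256) public claimed;
    mapping(address => uint256) public balance; // stand-in for the RARE token transfer

    constructor(address _updater) { owner = msg.sender; updater = _updater; }

    // Whoever controls the root controls every balance: a one-leaf tree
    // (root == leaf, empty proof) lets the root-setter claim any amount.
    function claim(uint256 amount, bytes32[] calldata proof) external {
        require(claimed[msg.sender] == 0, "already claimed");
        bytes32 leaf = keccak256(abi.encodePacked(msg.sender, amount));
        require(_verify(proof, merkleRoot, leaf), "bad proof");
        claimed[msg.sender] = amount;
        balance[msg.sender] += amount;
    }

    // Sorted-pair Merkle verification, the same shape as OpenZeppelin's MerkleProof.
    function _verify(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
        bytes32 h = leaf;
        for (uint256 i = 0; i < proof.length; i++) {
            h = h < proof[i] ? keccak256(abi.encodePacked(h, proof[i]))
                             : keccak256(abi.encodePacked(proof[i], h));
        }
        return h == root;
    }
}

contract VulnerableStaking is StakingBase {
    constructor(address u) StakingBase(u) {}
    // BUG: the allow-list is negated. The require passes for every caller
    // EXCEPT the two intended ones; the one-character difference is the `!`.
    function updateMerkleRoot(bytes32 newRoot) external {
        require(!(msg.sender == updater || msg.sender == owner), "not authorized");
        merkleRoot = newRoot;
    }
}

contract FixedStaking is StakingBase {
    constructor(address u) StakingBase(u) {}
    // Positive allow-list in a modifier, so the intent is readable at the call site.
    modifier onlyUpdaterOrOwner() {
        require(msg.sender == updater || msg.sender == owner, "not authorized");
        _;
    }
    function updateMerkleRoot(bytes32 newRoot) external onlyUpdaterOrOwner {
        merkleRoot = newRoot;
    }
}

// Foundry tests (`forge test`). The test contract deploys, so it is the owner.
contract StakingAccessTest is Test {
    address constant UPDATER = address(0xA11CE);
    address constant ATTACKER = address(0xBAD);

    function _checkAccess(IStaking s) internal {
        vm.prank(ATTACKER);                      // negative case: a stranger must be rejected
        vm.expectRevert("not authorized");
        s.updateMerkleRoot(bytes32(uint256(1)));

        vm.prank(UPDATER);                       // positive cases: updater and owner succeed
        s.updateMerkleRoot(bytes32(uint256(2)));
        assertEq(s.merkleRoot(), bytes32(uint256(2)));
        s.updateMerkleRoot(bytes32(uint256(3)));
        assertEq(s.merkleRoot(), bytes32(uint256(3)));
    }

    function test_fixedEnforcesAllowList() public {
        _checkAccess(new FixedStaking(UPDATER));      // passes
    }

    function test_vulnerableEnforcesAllowList() public {
        _checkAccess(new VulnerableStaking(UPDATER)); // FAILS: the stranger's call does not revert
    }

    // The attack chain on the vulnerable contract: overwrite the root with a
    // one-leaf tree for the attacker, then claim against it with an empty proof.
    function test_vulnerableCanBeDrained() public {
        VulnerableStaking s = new VulnerableStaking(UPDATER);
        uint256 amount = 1_000_000 ether;
        bytes32 leaf = keccak256(abi.encodePacked(ATTACKER, amount));
        vm.startPrank(ATTACKER);
        s.updateMerkleRoot(leaf);
        s.claim(amount, new bytes32[](0));
        vm.stopPrank();
        assertEq(s.balance(ATTACKER), amount);
    }
}
```

Two points the tests make concrete. First, `test_vulnerableEnforcesAllowList` fails on the very first assertion: the unauthorized call succeeds instead of reverting, which is the negative case a suite must contain for an inverted condition to be visible. Second, the check is not a "gate" in isolation; `test_vulnerableCanBeDrained` shows that setting the root is already the whole exploit, since a root that is a single leaf verifies with an empty proof. Putting the positive condition in a modifier (or reusing an audited one such as OpenZeppelin's Ownable/AccessControl) makes the intent readable and leaves less room for a stray negation than a hand-written boolean inside the function body. None of this helps unless the suite is re-run after every change, including the late ones.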

“By oversight or inadequate testing, the effect was the same: an avoidable vulnerability that cost massively,” Demchuk told Cointelegraph.

0xAw similarly said that “the problem was, of course, the apparently complete lack of testing.” He said that “it’s not even a kind of code that works well in normal conditions, and fails if you push it in the right places.”

“This code just does the opposite of what you expect,” he added.

Perkins told Cointelegraph that moving forward, SuperRare has introduced new workflows that mandate re-audits for any post-audit changes, no matter how minor.

Most vulnerabilities are oversights

0xAw said that the mistake itself is “a normal human error.” What he views as the “monumental mistake” is that it “made it to production and stayed there.”

0xAw highlighted that the vast majority of serious vulnerabilities originate from “really stupid and easily preventable mistakes.” Still, he admitted that “they’re usually a bit harder to notice than this.”

Hacken’s head of incident response, Yehor Rudytsia, agreed that thorough test coverage would have caught the flaw.

“If reviewing this function, it’s a pretty obvious bug,” he said.
