April 26, 2022

The Jump Satoshi Token $JST has a backdoor, users are urged to withdraw the funds ASAP

The Jump Satoshi Token $JST has a backdoor that allows the project owner to change the address of the code implementation through the Approve function in the contract.





The project owner can pass the safeCheck through the above conditions and execute the Approve function in the internal call of this function, and change the contract implementation address ACCESS to the sender address that passed in.




After changing the address of the ACCESS implementation, the malicious ACCESS address can be called via delegatecall through the grant() function.





Triggered by the fallback function:



The project party has a backdoor permission address of 0x23A15A374B0f5f20625B7D53666dF1Fe82b2916f and has changed the implementation address to 0x7d62b05bdf8fa07d8b3b8b9bf315371aa91098f58.



Currently there are 3,681,586 USD in the WBNB-JST trading pool at high risk. Users are requested to withdraw assets in a timely manner to avoid theft of assets by project owners using the backdoor.



If you have need any blockchain security services, please contact us:


Website Email Official Twitter Alert Telegram LinkedIn

Related Project

Related Project Secure Score

Guess you like
Learn More
  • Beosin Has Completed Security Audit Service of SeasonSwap With No Issues Identified

    April 28, 2022

  • Beosin’s Analysis of the Wiener Doge Flash Loan Attack

    April 25, 2022

  • Beosin Has Completed Security Audit Service of TribeOne

    April 25, 2022

  • How to Ensure the Security of NFT Under the Web 3.0 Boom?

    April 24, 2022

Join the community to discuss.