April 26, 2022
The Jump Satoshi Token $JST has a backdoor, users are urged to withdraw the funds ASAP
The Jump Satoshi Token $JST has a backdoor that allows the project owner to change the address of the code implementation through the Approve function in the contract.
The project owner can pass the safeCheck through the above conditions and execute the Approve function in the internal call of this function, and change the contract implementation address ACCESS to the sender address that passed in.
After changing the address of the ACCESS implementation, the malicious ACCESS address can be called via delegatecall through the grant() function.
Triggered by the fallback function:
The project party has a backdoor permission address of 0x23A15A374B0f5f20625B7D53666dF1Fe82b2916f and has changed the implementation address to 0x7d62b05bdf8fa07d8b3b8b9bf315371aa91098f58.
Currently there are 3,681,586 USD in the WBNB-JST trading pool at high risk. Users are requested to withdraw assets in a timely manner to avoid theft of assets by project owners using the backdoor.
If you have need any blockchain security services, please contact us:
Related Project
Related Project Secure Score
Guess you like
Beosin Has Completed Security Audit Service of SeasonSwap With No Issues Identified
April 28, 2022
Beosin’s Analysis of the Wiener Doge Flash Loan Attack
April 25, 2022
Beosin Has Completed Security Audit Service of TribeOne
April 25, 2022
How to Ensure the Security of NFT Under the Web 3.0 Boom?
April 24, 2022