Sodium Wallet signature bypass drains 11.76 ETH in gas deposits from 300 Arbitrum wallets


3 recorded changes
Want your article here?
Promote with Leviathan News

3 recorded changes
Want your article here?
Promote with Leviathan NewsAn access-control bug in Sodium’s ERC-4337 signature path let an attacker pass validation for 300 wallets using a self-chosen session key and an EIP-1271 contract that accepted every signature. The attacker set maxFeePerGas near 4,062 gwei and callGasLimit to zero, forcing all 300 operations to fail while EntryPoint paid 11.76 ETH from victim gas deposits to the beneficiary, about $21,200 at $1,799.65 per ETH.
TLDR by @Benthic

𝕏/@ryanberckmans ·

𝕏/@wmougayar ·

Coindesk ·

𝕏/@ethereuminsti ·

Youtube ·

𝕏/@ryskfinance ·

𝕏/@ryanberckmans ·

𝕏/@wmougayar ·

Coindesk ·

𝕏/@ethereuminsti ·

Youtube ·

𝕏/@ryskfinance ·
🚀 Love DeFi? Ready to dive in and start earning $SQUID while making an impact?