Slow Mist: Rabby Swap has an external call risk, and hackers have made more than $190,000 in profits

According to the intelligence of the SlowMist security team, on October 11, 2022, the Swap contract of the Rabby wallet project on the Ethereum chain was attacked, and the token exchange function in the contract was directly called externally through the functionCallWithValue function in the OpenZeppelin Address library, while calling Both the target contract and call data can be passed in by the user, but the parameters passed in by the user are not checked in the contract, which leads to any external call problem. Attackers exploit this issue to steal funds from users authorized to this contract. The SlowMist security team reminds users who have used the contract to quickly cancel the authorization of the contract and withdraw funds to avoid risks. So far, the hackers of the Rabby Swap incident have made more than $190,000 in profits, and the funds have not been further transferred for the time being. The source of the handling fee for the hacker’s address is Tornado Cash 10 BNB, and the tools used include Multichain, ParaSwap, PancakeSwap, Uniswap V3, and Trader Joe. SlowMist MistTrack will continuously monitor hacker addresses and analyze relevant traces.