SlowMist: Fusion's EOA account was compromised due to an EIP-7702 authorization contract vulnerability.
TL;DR
SlowMist detected suspicious activity in Fusion caused by an EIP-7702 authorization contract vulnerability that allowed attackers to create malicious contracts and steal funds from PlasmaVault.
[SlowMist: Fusion Project-Controlled EOA Account Attacked Due to EIP-7702 Authorization Contract Vulnerability] Mars Finance reports that SlowMist stated on X that MistEye detected potentially suspicious activity related to Fusion. The root cause is a vulnerability in the underlying contract to which the EOA account controlled by the project team had delegated through EIP-7702. This vulnerability allows arbitrary external calls, enabling attackers to create and configure malicious circuit breaker contracts for PlasmaVault and thereby extract funds from the contract.
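A defender-side check related to the delegation described above, added here as an example and not taken from SlowMist's or Fusion's code: it classifies the account code returned by `eth_getCode` for privileged accounts and flags any that carry an EIP-7702 delegation designator (`0xef0100` followed by the delegate address). The role names, addresses and reviewed-delegate list are constructed sample data.

```python
# Added example: flag privileged accounts that delegate through EIP-7702.
# Role names, addresses and code values are constructed sample data.
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator


def classify_account(code_hex):
    """Classify an eth_getCode result as 'eoa', 'delegated' or 'contract'.

    Returns (kind, delegate); delegate is the 0x-prefixed target address
    for a delegated account, otherwise None.
    """
    h = code_hex.lower()
    code = bytes.fromhex(h[2:] if h.startswith("0x") else h)
    if not code:
        return ("eoa", None)
    # A delegated EOA holds exactly 23 bytes: 0xef0100 || 20-byte address.
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return ("delegated", "0x" + code[3:].hex())
    return ("contract", None)


def audit_privileged(role_holders, code_by_address, reviewed_delegates):
    """List privileged accounts whose authority runs through delegated code."""
    findings = []
    for role, addr in role_holders:
        kind, delegate = classify_account(code_by_address[addr])
        if kind == "delegated":
            status = "reviewed" if delegate in reviewed_delegates else "UNREVIEWED"
            findings.append((role, addr, delegate, status))
    return findings


# Constructed sample data (hypothetical roles, made-up addresses).
ADMIN, KEEPER, TREASURY = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
DELEGATE_A, DELEGATE_B = "0x" + "aa" * 20, "0x" + "bb" * 20
ROLE_HOLDERS = [("vault-admin", ADMIN), ("keeper", KEEPER), ("treasury", TREASURY)]
CODE_BY_ADDRESS = {
    ADMIN: "0xef0100" + "aa" * 20,    # delegated to DELEGATE_A
    KEEPER: "0x",                      # plain EOA, no code
    TREASURY: "0xef0100" + "bb" * 20,  # delegated to DELEGATE_B
}
REVIEWED_DELEGATES = {DELEGATE_B}      # delegates that passed code review

if __name__ == "__main__":
    for finding in audit_privileged(ROLE_HOLDERS, CODE_BY_ADDRESS, REVIEWED_DELEGATES):
        print(finding)
```

A delegated account that holds a privileged role inherits every flaw in the delegate's code, so an unreviewed delegate on such an account is the finding to act on first.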