SlowMist: The security incident at Truebit was caused by the lack of overflow protection mechanisms in the contract.
TL;DR
SlowMist's analysis reveals Truebit Protocol was attacked on Jan 8 due to an integer overflow vulnerability in its Purchase contract, allowing attackers to mint TRU tokens cheaply and steal $26.44M in Ethereum. The root cause was lack of overflow protection, with stolen funds moved to Tornado Cash.
Tags
Foresight News reports that the SlowMist security team has released a security incident analysis report on Truebit Protocol. On January 8th, Truebit Protocol was attacked due to an integer overflow vulnerability in its Purchase contract. Attackers were able to mint TRU tokens at near-zero cost and steal 8,535 Ethereum (approximately $26.44 million). The root cause was the lack of overflow protection mechanisms in the contract, leading to incorrect price calculations. The stolen funds were subsequently transferred to Tornado Cash. It is recommended that contracts compiled using versions of Solidity prior to 0.8.0 always use SafeMath to protect all arithmetic operations to prevent overflow-related logical flaws.