Gnosis Pay security incident post-mortem: vulnerability stemmed from a flaw in signature-verification logic; fix completed

2026-07-03 21:42

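According to an official announcement, Gnosis Pay has published a post-mortem report on the June 1 security incident, disclosing that the vulnerability stemmed from a flaw in the ERC-1271 signature-verification logic in the Zodiac module.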

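The system only read the result returned by the contract and did not check whether the call had actually executed successfully. The attacker exploited this by deploying a contract that deliberately failed yet still returned the "valid" marker, forging authorization and then withdrawing funds from accounts they did not own.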

The vulnerability was introduced in October 2023 with version 3.4.0 of the Zodiac code and was fixed on June 5.
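The class of check described above, shown as an added illustration next to a hardened form. This is not the Zodiac source or the project's patch; the library and function names are hypothetical, and only the ERC-1271 interface and its magic value `0x1626ba7e` come from the standard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC1271 {
    function isValidSignature(bytes32 hash, bytes memory signature)
        external view returns (bytes4 magicValue);
}

/// Added illustration; hypothetical names, not code from Zodiac or Gnosis Pay.
library ERC1271Check {
    // bytes4(keccak256("isValidSignature(bytes32,bytes)")), per ERC-1271
    bytes4 internal constant MAGIC = 0x1626ba7e;

    /// Flawed pattern: the success flag of the low-level call is discarded
    /// and only the returned bytes are inspected. The EVM hands revert data
    /// back through the same return-data buffer, so a call that failed can
    /// still carry bytes that compare equal to MAGIC.
    function isValidIgnoringSuccess(address signer, bytes32 hash, bytes memory sig)
        internal view returns (bool)
    {
        (, bytes memory ret) = signer.staticcall(
            abi.encodeCall(IERC1271.isValidSignature, (hash, sig))
        );
        return ret.length >= 4 && bytes4(ret) == MAGIC;
    }

    /// Hardened pattern: the signer must be a contract, the call must have
    /// succeeded, and the return data must hold at least one full ABI word
    /// whose value is MAGIC left-aligned in 32 bytes.
    function isValidChecked(address signer, bytes32 hash, bytes memory sig)
        internal view returns (bool)
    {
        if (signer.code.length == 0) return false; // nothing deployed to answer
        (bool ok, bytes memory ret) = signer.staticcall(
            abi.encodeCall(IERC1271.isValidSignature, (hash, sig))
        );
        return ok
            && ret.length >= 32
            && abi.decode(ret, (bytes32)) == bytes32(MAGIC);
    }
}
```

When auditing, treat any low-level `call` or `staticcall` whose boolean result is unused as a finding, and add a regression test in which the signer reverts with data equal to the magic value.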

According to the report, the attacker took roughly $1.5 million in total across 5,281 wallets, including about $641,000 in GNO, about $453,000 in EURe and about $399,000 in USDC.e.

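A further roughly $300,000 is locked in inaccessible accounts, and the team is exploring ways to recover it. Gnosis Pay said it will expand its security team, bring in external audits, and widen the scope of its smart-contract audits.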