PANews reported on March 21 that, according to the latest article in SlowMist's smart contract security audit series, an attack method that uses CREATE and CREATE2 to deploy "different contracts at the same address" has attracted attention. The attacker first deploys a safe contract to obtain authorization, then self-destructs it and redeploys a malicious contract through the same deployment path, inducing the authorizing contract to execute malicious logic through delegatecall, which may lead to the hijacking of DAO governance rights. SlowMist recommends that developers record and verify code hashes, use delegatecall prudently, and be wary of the risk of deployment address reuse caused by contract self-destruction.
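The "record and verify code hashes" recommendation can be sketched as follows. This is an added example, not code from SlowMist or PANews; the contract name `PinnedExecutor`, the `governance` approver role and all function and error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration (hypothetical names): pins the runtime code hash of an
/// approved target and re-checks it immediately before every delegatecall.
contract PinnedExecutor {
    address public immutable governance; // assumed approver, e.g. a DAO timelock
    mapping(address => bytes32) public approvedCodeHash;

    error NotGovernance();
    error NoCode(address target);
    error NotApproved(address target);
    error CodeChanged(address target, bytes32 expected, bytes32 actual);
    error CallFailed(bytes returndata);

    event Approved(address indexed target, bytes32 codeHash);

    constructor(address governance_) {
        governance = governance_;
    }

    modifier onlyGovernance() {
        if (msg.sender != governance) revert NotGovernance();
        _;
    }

    /// Record the hash of the code that was reviewed, not just its address.
    function approve(address target) external onlyGovernance {
        bytes32 h = target.codehash;
        // codehash is 0 for a non-existent account and keccak256("") when no code is deployed.
        if (h == bytes32(0) || h == keccak256("")) revert NoCode(target);
        approvedCodeHash[target] = h;
        emit Approved(target, h);
    }

    function execute(address target, bytes calldata data)
        external onlyGovernance returns (bytes memory)
    {
        bytes32 expected = approvedCodeHash[target];
        if (expected == bytes32(0)) revert NotApproved(target);
        bytes32 actual = target.codehash;
        // Self-destruct plus redeployment at the same address changes (or empties) this hash.
        if (actual != expected) revert CodeChanged(target, expected, actual);
        (bool ok, bytes memory ret) = target.delegatecall(data);
        if (!ok) revert CallFailed(ret);
        return ret;
    }
}
```

The check covers only the target's own runtime code; if the approved target itself forwards calls to another address, that address needs the same pinning.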
SlowMist reveals CREATE/CREATE2 redeployment attack and defense strategy
- 2025-03-23