woah

woah

@temp5858

dni if you are poor and uselesst.me/temp5858?direct

234подписчиков
🇬🇧

Похожие каналы

Все →

Последние посты

This generation has the proudest whores I have ever seen

6 июн. 2026 г.1 230В Telegram

Time flies so fast ong 🎮btw thanks for supporting my projects, the bots i made for fun have 50k active monthly users rn 😮

21 мая 2026 г.1 100В Telegram

new intro for our channel!

18 мая 2026 г.608В Telegram

we dont encourage racism btw

18 мая 2026 г.598В Telegram
woah — пост в ТГ канале

🤖 Analysis: GetGems 1.5M$ ExploitWhat actually happened?1. Attacker deployed fake USDT minter2. How did he send offer through getgems? - Attacker pre-computed (wallet = hash(minter + holder)) what wallet address their fake minter would produce for the target offer contract address. They then funded that wallet with fake USDТ.3. The attacker crafted a raw transaction directly to the offer contract's create_offer, passing their fake USDТ minter and the pre-funded wallet address as the payment token. The contract stored those values without validating the minter.4. The Exploit? The attacker then sent an NftTransfer (op 0x5fcc3d14) directly to the NFT item contract, setting new_owner to the offer contract and attaching 0.25 TON as a forward. This triggered the offer contract's sale logic - which checked sender == expected_jetton_wallet (the exploit - they never actually verify the minter, only the address used to make the offer)How can it be fixed?Add a hardcoded approved-minter whitelist to the transfer_notification handler and throw if the stored jetton_minter address doesn't match USDT_MINTER or NOT_MINTER before executing any sale logic.Did the exploiter cashout yet?No - the assets are still sitting in the exploiters wallet and less likely to get sold immediately, especially given the possibility of intervention or recovery efforts☕️ Stay safe twin

13 мая 2026 г.790В Telegram

Changelogs will be posted soon...qbots.pw/changelogs

13 мая 2026 г.1 930В Telegram