This generation has the proudest whores I have ever seen
Похожие каналы
Все →Последние посты

Really?

Time flies so fast ong 🎮btw thanks for supporting my projects, the bots i made for fun have 50k active monthly users rn 😮



woah pinned a GIF
new intro for our channel!
we dont encourage racism btw
nigger

🤖 Analysis: GetGems 1.5M$ ExploitWhat actually happened?1. Attacker deployed fake USDT minter2. How did he send offer through getgems? - Attacker pre-computed (wallet = hash(minter + holder)) what wallet address their fake minter would produce for the target offer contract address. They then funded that wallet with fake USDТ.3. The attacker crafted a raw transaction directly to the offer contract's create_offer, passing their fake USDТ minter and the pre-funded wallet address as the payment token. The contract stored those values without validating the minter.4. The Exploit? The attacker then sent an NftTransfer (op 0x5fcc3d14) directly to the NFT item contract, setting new_owner to the offer contract and attaching 0.25 TON as a forward. This triggered the offer contract's sale logic - which checked sender == expected_jetton_wallet (the exploit - they never actually verify the minter, only the address used to make the offer)How can it be fixed?Add a hardcoded approved-minter whitelist to the transfer_notification handler and throw if the stored jetton_minter address doesn't match USDT_MINTER or NOT_MINTER before executing any sale logic.Did the exploiter cashout yet?No - the assets are still sitting in the exploiters wallet and less likely to get sold immediately, especially given the possibility of intervention or recovery efforts☕️ Stay safe twin
Changelogs will be posted soon...qbots.pw/changelogs