Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
MEV Bot JokInTheBoxETH was attacked, lost ~$34K. The root cause of the exploit was poorly implemented unstake function fo the staking contract. Since the unstake function does not check the state of the variable "unstake", the exploiter could unstake multiple times and drian the assets. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 34,000.
- chain
- —
- protocol
- JokInTheBoxETH
- bug_class
- logic
- date_occurred
- 2024-06-10
- loss_usd
- $34,000
- source_id
- sm:jokintheboxeth::2024-06-10