Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The NFT liquidity solver XCarnival was attacked, the hacker made a profit of 3,087 ETH (about 3.8 million US dollars), and the hacker has returned 1,467 ETH after the negotiation. The core of this vulnerability is that when borrowing, there is no judgment on whether the NFT in the order has been withdrawn. Attack method (per SlowMist): Contract Vulnerability. Reported loss: 1,620 ETH.
- chain
- —
- protocol
- XCarnival
- bug_class
- logic
- date_occurred
- 2022-06-26
- loss_usd
- —
- source_id
- sm:xcarnival::2022-06-26