Beosin: Analysis of the Rubic Attack Incident

ChainCatcher news, according to monitoring by Beosin EagleEye, a blockchain security audit company under Beosin, the Rubic project has been attacked. The Beosin security team analyzed that the routerCallNative function of the RubicProxy contract lacks parameter validation, allowing _params to specify arbitrary parameters. Attackers can use a specific integrator to enable the RubicProxy contract to call the function data they provide at almost zero cost.

By calling the routerCallNative function, the attacker transferred all USDC authorized to the RubicProxy contract to the address 0x001B via transferFrom, stealing nearly 1100 Ethereum. Through Beosin Trace, it was discovered that all stolen funds have been transferred to Tornado cash.