Transient storage vulnerability leads to a $300,000 attack on an on-chain project; experts analyze prevention suggestions.
Analysis of the $300,000 on-chain attack incident caused by transient storage vulnerabilities
On March 30, 2025, a certain on-chain leveraged trading project was attacked, resulting in a loss of over $300,000 in assets. The security team conducted an in-depth analysis of this incident, and the results are shared as follows:
Background
The attack occurred on the Ethereum network, targeting a leveraged trading project. The attacker exploited a transient storage-related vulnerability in the project's contract.
Prerequisite Knowledge
Solidity version 0.8.24 introduces the transient storage feature, a new data storage location. Its main characteristics include:
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-17317f8c1ab5c8cafd379315695be34c.webp)
Cause of Vulnerability
The root cause of this attack is that a value written to transient storage with tstore was not cleared after the function call ended, so it remained in place for the rest of the transaction. This allowed the attacker to construct a specific address that satisfied the contract's permission check, bypass it, and transfer out tokens.
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-fde2d0d89b221f239b5ad5d0fd586d42.webp)
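To make the root cause concrete, the following added example (illustrative code written for this analysis, not the attacked project's contract) shows a callback permission check backed by a transient slot. The slot key, the `IPool` counterparty interface and the contract names are assumptions; the vulnerable variant never resets the slot, so whatever was written for one operation still satisfies the check for any later call in the same transaction, while the hardened variant clears it as soon as the callback window closes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tstore/tload need EVM version cancun or later
interface IERC20 { function transfer(address to, uint256 amount) external returns (bool); }
interface IPool { function doSwap() external; } // hypothetical trusted counterparty
// Illustrative only, not the attacked project's code: a callback guard kept in
// a hypothetical transient slot instead of persistent storage.
abstract contract TransientGuardBase {
    bytes32 internal constant CALLBACK_SLOT = keccak256("example.callback.auth");
    address internal immutable pool; // fixed at deployment, not caller-supplied
    constructor(address pool_) { pool = pool_; }

    function _setAuth(address who) internal {
        bytes32 slot = CALLBACK_SLOT;
        assembly { tstore(slot, who) }
    }
    function _auth() internal view returns (address who) {
        bytes32 slot = CALLBACK_SLOT;
        assembly { who := tload(slot) }
    }
    // Permission check: only the address currently in the transient slot may
    // move tokens out of this contract.
    function onCallback(address token, address to, uint256 amount) external {
        require(msg.sender == _auth(), "unauthorized callback");
        require(IERC20(token).transfer(to, amount), "transfer failed");
    }
}

// VULNERABLE: the slot is written before the external call and never cleared,
// so the authorization outlives startOperation() and still satisfies the
// check for any further callback made later in the same transaction.
contract GuardVulnerable is TransientGuardBase {
    constructor(address pool_) TransientGuardBase(pool_) {}
    function startOperation() external {
        _setAuth(pool);
        IPool(pool).doSwap();
        // missing reset: the slot keeps `pool` until the transaction ends
    }
}

// HARDENED: reset the slot as soon as the callback window closes, so a later
// call in the same transaction reads address(0) and is rejected.
contract GuardHardened is TransientGuardBase {
    constructor(address pool_) TransientGuardBase(pool_) {}
    function startOperation() external {
        _setAuth(pool);
        IPool(pool).doSwap();
        _setAuth(address(0)); // clear before returning
    }
}
```

The defensive rule this illustrates: treat a transient slot like a lock that must be released on every exit path of the function that acquired it, and never assume it is empty when a function begins.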
Attack Process
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-30320e0697136205e69772f53122d5be.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-e977f8452ae48dea208426db15adab36.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-0ef4c8b460905daddd99060876917199.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-193da5915e9140a4cf26cc1a04c39260.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-c12acde84f6df58e57eb10d68c487d6b.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-653adef89663df141d377b583f556bfc.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-2b2f646b8ee78e58f3df2076ed62be99.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-b342e46fb86369b5bd082591bbe741fa.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-e7fed078646f6800505eb85ae09e65bf.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-7317876b8e2a3a592abcaf1e21b62f46.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-8197999b1965f36c7584c2aba320257b.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-636a5fb9c992ef97cbe75e22fac0d331.webp)
Capital Flow Analysis
The attacker stole approximately $300,000 worth of assets, including:
Subsequently, the attacker exchanged WBTC and USDC for WETH, ultimately transferring 193.1428 WETH to a certain mixing service.
The attacker's initial funds (0.3 ETH) also came from that mixing service.
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-904133c007422770dd55372438c3d257.webp)
![Fatal Residue: A $300,000 on-chain Heist Triggered by Transient Storage](https://img-cdn.gateio.im/webp-social/moments-c2206fe20197a3835ddb92319314e4eb.webp)
Summary and Recommendations
The core of this attack lies in exploiting the fact that transient storage keeps its value for the entire duration of the transaction, which allowed the contract's permission verification to be bypassed. To prevent similar attacks, it is recommended that the project team: