<![CDATA[How exactly did the attacker execute the exploit wasabi?]]>cce92f5f-7487-4eca-bf9b-b225589363ac-image.png

The attacker identified that wasabideployer.eth was the sole address holding ADMIN_ROLE in Wasabi's PerpManager AccessManager, with no timelock or multisig protection. By calling grantRole on the deployer externally owned account with zero delay, the attacker instantly elevated their orchestrator contract to admin status. With admin control secured, they used the protocol's UUPS upgrade mechanism to replace the legitimate vault implementations with a malicious version that drained user balances. The entire attack chain from admin access to fund drainage was made possible by a single unprotected key holding the most powerful permission in the system.

]]>https://undeads.com/forum/topic/19311/how-exactly-did-the-attacker-execute-the-exploit-wasabiRSS for NodeSun, 03 May 2026 18:48:47 GMTFri, 01 May 2026 08:25:39 GMT60<![CDATA[Reply to How exactly did the attacker execute the exploit wasabi? on Fri, 01 May 2026 10:56:00 GMT]]>A single EOA holding ADMIN_ROLE with no timelock, no multisig, and no delay on grantRole is not a sophisticated vulnerability, it is a governance architecture failure that any security review should have flagged as a critical risk before deployment.

]]>https://undeads.com/forum/post/53262https://undeads.com/forum/post/53262Fri, 01 May 2026 10:56:00 GMT