Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Collapse
Brand Logo
UDS UDS: $1.5963
24h: -0.60%
Trade UDS
Gate.io
Gate.io
UDS / USDT
KuCoin
KuCoin
UDS / USDT
MEXC
MEXC
UDS / USDT
BingX
BingX
UDS / USDT
BitMart
BitMart
UDS / USDT
LBank
LBank
UDS / USDT
XT.COM
XT.COM
UDS / USDT
Uniswap v3
Uniswap v3
UDS / USDT
Biconomy.com
Biconomy.com
UDS / USDT
WEEX
WEEX
UDS / USDT
PancakeSwap v3
PancakeSwap v3
UDS / USDT
Pionex
Pionex
UDS / USDT
COINSTORE
COINSTORE
UDS / USDT
Sushiswap v3
Sushiswap v3
UDS / USDT
Picol
Picol
UDS / USDT

Earn up to 50 UDS per post

Post in Forum to earn rewards!

Learn more
UDS Right

Spin your Wheel of Fortune!

Earn or purchase spins to test your luck. Spin the Wheel of Fortune and win amazing prizes!

Spin now
Wheel of Fortune
selector
wheel
Spin

Paired Staking

Stake $UDS
APR icon Earn up to 50% APR
NFT icon Boost earnings with NFTs
Earn icon Play, HODL & earn more
Stake $UDS
Stake $UDS
UDS Left

Buy UDS!

Buy UDS with popular exchanges! Make purchases and claim rewards!

Buy UDS
UDS Right

INFLUENCER LEVEL

Based on the number of subscribers

MULTIPLIER

up to 10k

x1.1

10-25k

x1.25

25-100k

x1.5

100k-250k

x2

250k-1m

x3

1m+

x5

Post links to Undeads Forum messages or Undeads products to receive additional rewards

Post limits and staking coefficients applied similar to Forum posts

Discord, Telegram, Twiter

Post in Forum to earn rewards!

UDS Rewards
  1. Home
  2. FAQ
  3. How exactly did the attacker execute the exploit wasabi?

How exactly did the attacker execute the exploit wasabi?

Scheduled Pinned Locked Moved FAQ
2 Posts 2 Posters 4 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
This topic has been deleted. Only users with topic management privileges can see it.
  • cryptobroC Offline
    cryptobroC Offline
    cryptobro
    wrote last edited by
    #1

    cce92f5f-7487-4eca-bf9b-b225589363ac-image.png

    The attacker identified that wasabideployer.eth was the sole address holding ADMIN_ROLE in Wasabi's PerpManager AccessManager, with no timelock or multisig protection. By calling grantRole on the deployer externally owned account with zero delay, the attacker instantly elevated their orchestrator contract to admin status. With admin control secured, they used the protocol's UUPS upgrade mechanism to replace the legitimate vault implementations with a malicious version that drained user balances. The entire attack chain from admin access to fund drainage was made possible by a single unprotected key holding the most powerful permission in the system.

    1 Reply Last reply
    0
    • madtraderM Offline
      madtraderM Offline
      madtrader
      wrote last edited by
      #2

      A single EOA holding ADMIN_ROLE with no timelock, no multisig, and no delay on grantRole is not a sophisticated vulnerability, it is a governance architecture failure that any security review should have flagged as a critical risk before deployment.

      1 Reply Last reply
      0

      • Login or register to search.
      Powered by NodeBB Contributors
      • First post
        Last post
      0
      • Categories
      • Recent
      • Tags
      • Popular
      • World
      • Users
      • Groups