On July 28, the SuperRare platform on the Ethereum blockchain was hacked, resulting in the theft of approximately 11.9 million RARE tokens, equivalent to $730,000.
What is SuperRare and How Did the Hack Occur?
SuperRare has been a well-known platform for selling digital art since 2018. Users can vote on platform changes and earn rewards with RARE tokens. The hack did not affect the art side of the platform; it targeted the staking contract.
The contract utilized a Merkle root for reward verification but had insufficient checks on who could update this root, allowing an attacker to alter it and withdraw 11.9 million RARE tokens in one transaction.
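The access-control gap described above, modelled as an added Python example (not SuperRare's contract code, which the article does not show). The names `RewardPool`, `admin`, `alice`, `bob` and `mallory` are hypothetical, SHA-256 stands in for the keccak256 an Ethereum contract would use, and the `guarded` flag switches between a root update anyone can call and one restricted to the owner.

```python
import hashlib

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for keccak256 so the model runs with the stdlib.
    return hashlib.sha256(data).digest()

def leaf(account: str, amount: int) -> bytes:
    return h(account.encode() + amount.to_bytes(32, "big"))

def node(a: bytes, b: bytes) -> bytes:
    # Sorted-pair hashing, so a proof needs no left/right flags.
    return h(min(a, b) + max(a, b))

def verify(root, account, amount, proof) -> bool:
    acc = leaf(account, amount)
    for sibling in proof:
        acc = node(acc, sibling)
    return acc == root

class RewardPool:  # hypothetical model of a Merkle-based reward contract
    def __init__(self, owner, root, balance, guarded):
        self.owner, self.root, self.balance = owner, root, balance
        self.guarded, self.claimed = guarded, set()

    def update_root(self, sender, new_root):
        # The root decides who is owed what, so changing it is as sensitive
        # as moving funds. The guarded pool accepts it only from the owner.
        if self.guarded and sender != self.owner:
            raise PermissionError("only the owner may update the Merkle root")
        self.root = new_root

    def claim(self, sender, amount, proof):
        if sender in self.claimed or amount > self.balance:
            raise ValueError("already claimed or pool underfunded")
        if not verify(self.root, sender, amount, proof):
            raise ValueError("invalid Merkle proof")
        self.claimed.add(sender)
        self.balance -= amount
        return amount

def balance_after_unauthorised_update(guarded: bool) -> int:
    # Constructed data: a two-leaf reward tree and a pool holding 1000 tokens.
    pool = RewardPool("admin", node(leaf("alice", 100), leaf("bob", 200)), 1000, guarded)
    try:
        pool.update_root("mallory", leaf("mallory", 1000))  # one-leaf tree
        pool.claim("mallory", 1000, [])
    except PermissionError:
        pass
    return pool.balance
```

The proof check itself is identical in both variants; only the authorization on `update_root` decides whether the pool keeps its balance.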
An Unusual Twist: Who Ended Up with the Money?
Interestingly, the first person to discover the flaw did not profit from it. Another participant in the network observed the attack and executed an identical transaction with a higher gas fee, so their transaction was processed first.
This incident exemplifies front-running, where one participant capitalizes on the action of another by submitting a competing transaction that gets processed first.
What Does the SuperRare Hack Teach Us?
The SuperRare hack highlights the necessity for stringent permissions in smart contracts. A minor coding error can lead to significant losses. Developers should also consider how quickly automated players react: during an attack, one participant can inadvertently fall victim to another competitor.
The attacker who launched the hack ended up being outsmarted by another participant, illustrating the additional risks for such platforms. The event serves as a reminder that reward systems require as much fortification as vaults.
The SuperRare hack delivered crucial lessons for both the platform and the broader community. It exposes vulnerabilities within smart contract systems and underscores the need for vigilance in the fast-paced crypto market.