Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
Home»HACKING NEWS»PWN Protocol Audit Summary -Ackee Blockchain
HACKING NEWS

PWN Protocol Audit Summary -Ackee Blockchain

By Crypto FlexsFebruary 8, 20255 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
PWN Protocol Audit Summary -Ackee Blockchain
Share
Facebook Twitter LinkedIn Pinterest Email

PWN is a platform for the ERC-20 token with a token token. You can open a loan in different types to define the relationship between the borrowed credit and the collateral.

PWN participated in Ackee Blockchain Security for three audits in November and December 2024. Thanks highlights include:

  • gun 13 resultsinclude Two criticisms.
  • Both An important vulnerability has been found Code already placedIt means that all deposit ERC-20 assets are in danger.
  • These two missed Previous audit PWN before review of AcKee Blockchain Security.
  • Wake’s static analysis and fuzz test tools were also found.

methodology

We have prepared a differential forking fuzz test that was manually induced in the Wake Testing Framework to prepare the integration with external dependencies including protocol implementation and chain links and AAVE protocols.

The second review began with updating the fuzz tests created in the first review. Then, the Wake static analysis detector was executed and a manual code review of the code change was performed. During the manual review, we specifically focused on the correct integration with chainlink and the rest of the codebase.

range

The audit was performed in the commit 7ea4dePWN protocol storage and commit 17db9b In the periphery of PWN.

The scope of the first audit included:

  • entire src Excluding the directory of the PWN protocol repository src/Deployments.sol and
  • that src/pool-adapter Directory in the peripheral repository around PWN.

Revision 2.0 was performed at Commit bbe7d9In the PWN protocol repository, the audit focused on changes to the code base after the first review.

Revision 2.1 included reviewing the incomplete modifications of an important issue in the second revision and the first review found in the second revision. The review was carried out about the commit. 6f390c.

result

Security discovery classification is determined by two grades. influence and What can be. This two -dimensional classification helps to clarify the seriousness of individual problems. The problem to be evaluated middle It is severe, but the possibility of being found only by the team is generally reduced according to the possibility. warning or Information provision Severe rating.

Wake Testing Framework helped to find five results, including one important issue. The entire source code of all fuzz tests is provided here.

Wake’s static analysis detector has identified two different problems and one of them was important. During manual review, we focused as follows:

  • External requests for untrusted contracts cannot be abused for re -creation attacks.
  • The contract resists signature regeneration attacks.
  • Token arithmetic inside the protocol matches documents and our expectations. and
  • The integration with external dependencies is implemented correctly.

Our second review resulted in one medium discovery, interfering with the use of elastic chain link loan proposals due to the wrong implementation of EIP-712 data encoding. The full source code of the updated fuzz test is available here.

The other five discoveries were evaluated as warning and information.

Threshold

C1: Loan Refi Nancing Re -creation

C2: The wrong optimization of loan refinancing

The severity is high

There is no high severe serious problem.

Intermediate

M1: Chain Link Common Logic Logic

M2: Older/Rotate Chain Link Feeds causes DOS

M3: Basic contract that cannot be upgraded

M4: Incorrect EIP-712 Typehash

M5: Incorrect EIP-712 Data Incoding

Low severity

L1: decimal point detection can go back unexpectedly

Significance of warning

W1: AAVE and compounds of previous versions are not supported

W2: creditPerCollateralUnit Split by 0

W3: checkTransfer Sender and receiver conflict

Information seriousness

I1: revokeNonces NONCE space can be cache

I2: LoanDefaulted(uint40) The error parameter has no name

conclusion

The PWN audit of ACKEE BLOCKCHAIN ​​Security has resulted in a total of 13 results in information.

The most serious results, the C1 and C2, were stolen with the risk of all ERC-20 tokens deposited in the protocol. Both important vulnerabilities have been found to exist in the already deployed PWN contracts for several major chains, including Etherrium Mainnet, polygon, arbitration and optimism. Code, which includes both important vulnerabilities, has already been appreciated by two independent companies (not ACKEE BLOCKCHAIN ​​Security).

As soon as the results were found, we started disclosing immediate responsibility to PWN. Thanks to the rapid participation, all assets have been protected and vulnerability has been eased.

AcKee Blockchain Security recommends PWN.

  • To detect potential attack vectors, we implement static analysis tools such as Wake.
  • Apply recreated security guards to all open functions that perform external calls for untrusted contracts.
  • Provide the price feed that requires supply registry contracts, such as all chains links that PWN maintains, and complies with the expected behavior.
  • Pay attention to the contract upgrade regarding the storage layout.
  • To avoid problems caused by changing storage layouts, we distribute updated PWNCONFIG contracts only with new proxies.
  • We reinforce all public functions that carry out external calls for untrusted contracts.
  • Be careful when implementing EIP to ensure full compatibility with standards. and
  • Solve all the reports reported.

The entire PWN audit report of AcKee Blockchain Security can be found here.

We were happy to be grateful for PWN and expect to work with them again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Director Trezor: What is the best hardware wallet in 2025?

May 31, 2025

US sanctions technology companies are related to millions of dollars of encryption fraud.

May 31, 2025

Encryption Inheritance Update: May 2025

May 29, 2025
Add A Comment

Comments are closed.

Recent Posts

As the whale exit is strengthened, the $ 0.32 mantra: Om is at the turning point?

June 1, 2025

What should I expect from Ether Reeum price in June 2025?

June 1, 2025

Elevenlabs improves multi -mode conversation AI user interaction

June 1, 2025

SEC back track for Rex-OSPREY Staked ETF

June 1, 2025

NVIDIA expands AI training from GTC Paris to multilingual workshops.

June 1, 2025

SUI Prover improves smart contract verification in the SUI block chain

June 1, 2025

TRON Analysts predicts the following $ 0.30 rally, Unilabs Crosses Doge Volume.

June 1, 2025

Zero Knowledge Technology: In Linea’s study, the journey to the main net

May 31, 2025

Blockchain.com Nigeria in the court ruling

May 31, 2025

Sharplink’s $ 1B Ether Leeum Bet: How to Change ETH’s Game

May 31, 2025

The AI ​​drive model seasplat improves coral reefs.

May 31, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

As the whale exit is strengthened, the $ 0.32 mantra: Om is at the turning point?

June 1, 2025

What should I expect from Ether Reeum price in June 2025?

June 1, 2025

Elevenlabs improves multi -mode conversation AI user interaction

June 1, 2025
Most Popular

Detained Binance executive to remain in Nigeria until hearing: WSJ

March 13, 2024

Ether Leeum is the second to record 300 states MA. There was something happened in 2022.

March 28, 2025

Enter the future with Emercoin: the ultimate guide to this innovative cryptocurrency! – DeFi information

February 26, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.