🚨SlowMist TI Alert🚨
💸 @Aurellion_Labs Loss: 455,003 USDC (~$455,003)
🔍 Root Cause: Unprotected initialize(address varg0) in the SafeOwnable facet. The Diamond's owner was set via a non-initialize path, which left the _initialized version slot (bytes 0-7 of 0xf0c57e...) at 0. The attacker could therefore re-initialize to overwrite the owner, call diamondCut to inject a malicious facet with pullERC20, and drain approved USDC.
📌 Victim Contract: 0x0adc63e71b035d5c7fdb1b4593999fa1f296f1b2
📌 Vulnerable Facet: 0x3ca79c1cf29b8d19f7c643bb6e6bc9c49762e70f
📌 Attacker EOA: 0x9f49591a3bf95b49cd8d9477b4481ce9da68d5ca
Attacker seized Diamond ownership and drained USDC from approved victims including 0x2e933518..., 0xa90714a1..., 0xeced2d37....
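The root cause above, as an added Python model with an audit check for the same condition (not SlowMist's or Aurellion's code). `ToyDiamond`, `reinit_exposed`, `run` and the placeholder addresses are hypothetical, and "bytes 0-7" is assumed to mean the low-order 8 bytes of the packed storage word.

```python
MASK64 = (1 << 64) - 1  # assumed: "bytes 0-7" = low-order 8 bytes of the packed word

def initialized_version(slot_hex: str) -> int:
    """Version field of a 32-byte storage word given as hex (e.g. from eth_getStorageAt)."""
    return int(slot_hex, 16) & MASK64

def reinit_exposed(owner_hex: str, slot_hex: str) -> bool:
    """True when an owner is set but the guard still reads 'never initialized'."""
    return int(owner_hex, 16) != 0 and initialized_version(slot_hex) == 0

class ToyDiamond:
    """Hypothetical model: one owner word and one initializer word."""
    def __init__(self):
        self.owner = 0
        self.init_word = 0

    def _mark_initialized(self) -> None:
        self.init_word = (self.init_word & ~MASK64) | 1

    def initialize(self, new_owner: int) -> None:
        # The only guard is the version field; the caller is not checked.
        if self.init_word & MASK64 != 0:
            raise PermissionError("already initialized")
        self._mark_initialized()
        self.owner = new_owner

    def set_owner_at_deploy(self, owner: int, bump_version: bool) -> None:
        # Non-initialize path; bump_version=False leaves the version field at 0.
        self.owner = owner
        if bump_version:
            self._mark_initialized()

    def exposed(self) -> bool:
        return reinit_exposed(hex(self.owner), hex(self.init_word))

TEAM, OTHER = 0x1111, 0x2222  # constructed placeholder addresses

def run(bump_version: bool):
    """Return (flagged_after_deploy, owner_after_a_second_initialize_attempt)."""
    d = ToyDiamond()
    d.set_owner_at_deploy(TEAM, bump_version)
    flagged = d.exposed()
    try:
        d.initialize(OTHER)
    except PermissionError:
        pass  # hardened path: the guard rejects the second initialization
    return flagged, d.owner
```

The same `reinit_exposed` check can be applied to the owner and initializer-slot values read from any deployed proxy or Diamond before it receives token approvals.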