Socket (Bungee Bridge): Unvalidated user input in new route — transferFrom injection via approval drain
A new bridge route added to Socket's contract three days before the attack lacked input validation, letting an attacker inject transferFrom calls to drain $3.3M from 700+ wallets with active approvals.
Summary #
Socket (Bungee Bridge) suffered a Cross-Chain Bridge / Aggregator on 2024-01-16, resulting in a loss of approximately $3M.
What happened #
A new bridge route added to Socket's contract three days before the attack lacked input validation, letting an attacker inject transferFrom calls to drain $3.3M from 700+ wallets with active approvals.
Linked factors #
- RD-F-001 — causal : ★ Direct: Audit scope mismatch (report commit ≠ deployed bytecode) [via cross-hack: Factor 1: Audit Scope Mismatch]
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited — post-audit route addition]
- RD-F-006 — causal : Audit-deploy gap (RD-F-006 time between audit and deploy) [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — Vulnerable route added 3 days before exploit] || Audit-deploy gap — alternate field name [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — Vulnerable route added 3 days before exploit]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action: Y — New route added to bridge contract without re-audit]
- RD-F-146 — related : New deploys in last 30 days — fresh attack surface [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — Vulnerable route added 3 days before exploit]