GoPlus: ListaDAO's liquidity staking vault was attacked, and the attacker exploited a logical vulnerability to steal funds
GoPlus Security released an analysis stating that the Liquid Staking Vault contract of ListaDAO was attacked due to a business logic flaw. The attacker triggered the share calculation function of the Dividend contract when transferring specific tokens, which affected the reward distribution logic of the staking vault, ultimately stealing a large amount of assets from the contract.
GoPlus Security reminds that this logical vulnerability exists in both the Liquid Staking Vault and Dividend contracts, and any fork or reused implementation carries a high risk of being exploited. Developers and projects are strongly advised to conduct reviews and fix the vulnerabilities accordingly. Smart contract security should not rely on "one-time audits."
You may also like
How to choose between buying discounted ETH, Bitmine, and SharpLink?
Semiconductor stocks plummet, yet Anthropic wants to create a 2nm chip
A South Korean company that learned the strategy of hoarding coins, from a bull market to delisting?
Where is Zhao Changpeng's billion-dollar investment going? YZi Labs' investment landscape fully revealed
Ethereum Foundation Report: A Basic Guide to Ethereum for Governments and Financial Institutions
A pre-announced harvesting case: After the cryptocurrency price dropped by 99%, the public chain Saga exited to transform into AI
When American giants collectively "defect" from Chinese AI models
BIS Report Compliance Observation: The Real Risks of Stablecoins, Not Just "Depegging"
Portugal 2-1 Croatia: Ronaldo's 20-Year Knockout-Stage Drought Ends With a Debt Finally Collected
Portugal beat Croatia 2-1 in the 2026 global football championship's knockout rounds as Ronaldo scored his first-ever knockout-stage goal, Gonçalo Ramos struck a stoppage-time winner, and VAR ruled out a late equalizer for offside.


