SlowMist reveals CREATE/REALE2 redeployment attack and defense strategy

According to SlowMist's latest series of smart contract security audit articles, an attack method that uses CREATE and CREATE2 to deploy "same address but different contracts" has attracted attention. Attackers deceive authorization by deploying security contracts first, then self destruct and rebuild malicious contracts using the same deployment path, inducing contracts to execute malicious logic through delegatecall, which may lead to the hijacking of DAO governance rights. SlowMist recommends developers to record code hashes and verify them, use delegatecall cautiously, and be alert to the deployment address reuse risk caused by contract self destruction.