🚨Yesterday, SlowMist MistEye security system detected an attack on SIR[.]trading (@leveragesir), leading to a loss of over 300K. 📊According to @MistTrack_io's analysis, the stolen assets were transferred into #Railgun, and the attacker's (0x27defcfa6498f957918f407ed8a58eba2884768c) initial funds came from 0.3 ETH transferred from Railgun. 🧐The root cause of this exploit is that the value stored using TSTORE in a function was not cleared after the function call ended. As a result, the attacker was able to exploit this characteristic by crafting a specific malicious address to bypass permission checks and transfer tokens. 🔍More analysis here: https://slowmist.medium.com/fatal-residue-an-on-chain-heist-triggered-by-transient-storage-10909e4a255a