Exploits of Solana Games Aurory and Floor Protocol
Despite recent mainstream adoption, the world of cryptocurrencies can still pose many risks to those brave enough to navigate these waters. Two recent attacks highlight this risk.
A recent exploit in the Pokemon-like Solana-based game Aurory led to a serious security breach on Sunday evening. The attackers extracted approximately 600,000 AURY tokens worth approximately $830,000 at the time of the attack. In response, Aurory developers took immediate action and shut down the SyncSpace blockchain bridge. This bridge is an important element connecting Aurory with the Ethereum scaling network Arbitrum and with Solana.
When approached for a statement, Aurory’s Executive Producer Jonathan Campeau said the team is actively working to deploy comprehensive patches to backend services to address security flaws. He detailed the nature of the attack, describing it as a race condition attack on the off-chain market. This allowed the perpetrator to send multiple purchase requests simultaneously. As a result, the seller received twice the amount, but the buyer was billed only once.
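A minimal model of the kind of race described above, as an added example (not Aurory's code; the page does not publish the backend logic). It assumes a lost-update pattern with hypothetical names (`Market`, `buy`, `two_simultaneous_requests`) and constructed balances, and runs the same two simultaneous requests against an unserialised and a serialised purchase path.

```python
import threading

class Market:
    """Toy off-chain ledger. Hypothetical model, not Aurory's code."""

    def __init__(self, hardened):
        self.balance = {"buyer": 100, "seller": 0}  # constructed sample data
        self.sold = set()
        self.hardened = hardened
        self.txn_lock = threading.Lock()     # serialises a whole purchase
        self.credit_lock = threading.Lock()  # models an atomic "+= price"
        # Test hook: holds both requests between check and write so the
        # vulnerable interleaving happens on every run.
        self.gate = None if hardened else threading.Barrier(2)

    def _settle(self, listing, price):
        seen = self.balance["buyer"]              # 1. read
        if listing in self.sold or seen < price:  # 2. check
            return False
        if self.gate:
            self.gate.wait()                      # both requests passed the check
        self.balance["buyer"] = seen - price      # 3. write from a stale read
        with self.credit_lock:
            self.balance["seller"] += price       # credit applied per request
        self.sold.add(listing)
        return True

    def buy(self, listing, price):
        if not self.hardened:
            return self._settle(listing, price)   # check-then-act, no isolation
        with self.txn_lock:                       # check + debit + credit as one unit
            return self._settle(listing, price)


def two_simultaneous_requests(hardened):
    """Send the same purchase twice at once; return (balances, outcomes)."""
    market, outcomes = Market(hardened), []
    workers = [
        threading.Thread(target=lambda: outcomes.append(market.buy("listing-1", 50)))
        for _ in range(2)
    ]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return market.balance, sorted(outcomes)
```

In the unserialised run both requests succeed, the seller is credited 100 and the buyer is debited only 50, so the ledger no longer sums to its starting total. A useful detection check for this class of bug is exactly that invariant: total balances before and after settlement must match.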
Just a few hours ago, our team detected unusual activity in the market. After a quick investigation, we discovered that malicious actors could be abusing our marketplace’s purchase endpoints to increase purchase amounts. $AURY Balance in SyncSpace. This allowed them to withdraw…
— Aurory (Play Now) (@AuroryProject) December 17, 2023
As a result of this market abuse, AURY-USDC liquidity on decentralized exchange Camelot plummeted by 80%, with the value of AURY falling approximately 17% since early Sunday hours. The value of the stolen AURY, initially pegged at around $830,000, has decreased to around $690,000, according to the latest figures from CoinGecko. The AURY token has seen significant price fluctuations, first falling to around $0.95 and then recovering to around $1.15.
The Aurory team shared additional insights via X. They said the exploit allowed hackers to transfer funds directly from the Aurory developer team wallet to Arbitrum. The studio has assured that no user funds or NFTs have been compromised or are currently at risk. Campeau also noted that interest in Aurory has increased since the release of the new game expansion ‘Seekers of Tokane’ last month, which unfortunately has also attracted malicious actors looking to exploit their systems.
Prior to this incident, Aurory’s platform had undergone a security audit conducted by cybersecurity firm OtterSec, which failed to identify this specific vulnerability.
Bored Ape and Pudgy Penguin NFTs stolen
Alongside the Aurory incident, another significant attack occurred involving Floor Protocol, where various Bored Apes and Pudgy Penguins NFTs were stolen. The exploit was linked to Floor Protocol’s recent contract upgrade, which created a security hole. As reported by ‘foobar’, founder of NFT marketplace Delegate, the NFTs have now been transferred to a wallet that has been flagged as involved in a phishing scam. This wallet is identified on Etherscan as 0x4d0D746E0F66bf825418E6b3deF1a46Ec3c0B847.
vuln had a bad upgrade 11 days ago that allowed multiple calls to external contracts.
Simple: nftContract.transferFrom(nftHolder, me, tokenId)
And bc nftHolder approved flooring will do the trick.
The image on the left is a secure internal multi-currency.
The image on the right is an insecure external multicurrency. pic.twitter.com/gEHHZyLzDc
— foobar (@0xfoobar) December 17, 2023
Flooring Lab, the company that developed the Floor Protocol, promotes high standards for user experience, security, and asset protection on its website. However, the recent update responsible for the vulnerability appears to have bypassed the audit. The Halborn audit of the Flooring Lab website dates back to September 8, 2023, and the OtterSec audit dates back to October 4.
Interestingly, the ‘smart_contract’ repository audited by OtterSec now shows a 404 error, and Flooring Lab’s GitHub lists only a repository that contains the website’s logo and configuration files. The team at Flooring Lab has released a fix that they believe resolves the issue. This Floor Protocol exploit is closely related to the major hack of NFT Trader, which resulted in the theft of numerous high-value NFTs.