SuperRare $730,000 exploit was easily preventable — Experts weigh in

A critical access control bug in SuperRare’s staking contract — easily detectable by unit tests or even ChatGPT — allowed an attacker to steal $731,000 in RARE tokens.

NFT trading platform SuperRare suffered a $730,000 exploit on Monday due to a basic smart contract bug that experts say could have easily been prevented with standard testing practices.

SuperRare’s (RARE) staking contract was exploited on Monday with around $731,000 worth of RARE tokens stolen, according to crypto cybersecurity firm Cyvers.

The vulnerability stems from a function meant to allow only specific addresses to modify the Merkle root, a critical data structure that determines user staking balances. However, the logic was mistakenly written to allow any address to interact with the function.

Read more