This is a lower bound: only assets with reliable historical USD prices are counted, so the actual loss may be higher.
0x53eeab4447db331dbb47f93fd58a95d6faa230d559acde0687f8b5f5829e7a450x8dc0d817af40b1fa4f6b58034bb86f3bbefcb0a5Ethereum0xb4ba49c919309ab66177ac7dece4d5cd6ef714e7Ethereum0xa2473460f86e1058bdd0a2c531b15534fd403d97Ethereum0xe2637e705475f367c94467c4b844d58db293aff8Ethereum0xf5e303702b5927670998d6ec63449cb2edf65728EthereumOn Ethereum mainnet block 18552867, attacker EOA 0x4e087743e8025012c4704a1953c87eeff1e6ef48 executed transaction 0x53eeab4447db331dbb47f93fd58a95d6faa230d559acde0687f8b5f5829e7a45 through helper contract 0x3763b7f83358171b1660ee209f327954cc463129 and drained ETH plus multiple ERC20 balances from existing EIP-1167 pool clones created by factory 0x8dc0d817af40b1fa4f6b58034bb86f3bbefcb0a5. The exploit was permissionless: the attacker reconfigured already-live clones so that the clone storage treated attacker-controlled addresses as the pool admin and payout recipient, advanced the pool state through the normal lifecycle functions, then withdrew the full token or ETH balance from each targeted clone.
The root cause is an unrestricted reinitializer in implementation 0xb4ba49c919309ab66177ac7dece4d5cd6ef714e7. Selector 0xe7d25975 reaches the configuration routine without any sender authorization or one-time guard, so any caller can overwrite slots 0x02 and 0x03, mark arbitrary addresses as admins, and then invoke the privileged withdrawal path. The deterministic pre/post valuation artifact shows the attacker moved from 0.858005604156389841 ETH-equivalent before the exploit to 53.852561484079685125 ETH-equivalent after it, a post-fee increase of 52.994555879923295284 ETH-equivalent.
The affected contracts are minimal proxies. Each pool clone delegates all logic to the same unverified implementation at , so one implementation flaw is enough to expose every clone still pointing at it.
0xb4ba49c919309ab66177ac7dece4d5cd6ef714e7Three pieces of state matter for this incident:
func_2537 sets the admin flag for the supplied address.0x03. The observed lifecycle in the incident is: completed pool before exploit, reset to attacker-controlled state by 0xe7d25975, transition via 0x4abe11b4, then transition via 0xd547557b into the withdrawal-enabled state.0x90fb9dca transfers the full token balance of the selected ERC20, or the full native ETH balance if the token argument is zero, to the payout address encoded in slot 0x03.The ACT pre-state is Ethereum mainnet immediately before block 18552867. At that point the affected clones still held stealable balances, still delegated to the vulnerable implementation, and still exposed the vulnerable public selectors. No private keys, privileged roles, or attacker-specific artifacts were required.
From the implementation decompilation, the vulnerable behavior can be summarized as:
// Decompiled behavior summarized from implementation 0xb4ba49...
function e7d25975(
address slot2Value,
address slot3Value,
address token,
address[] calldata admins,
uint256 a,
uint256 b,
uint256 c,
uint256 d,
uint256 e
) external {
slot2 = slot2Value;
slot3 = slot3Value;
admin[slot3Value] = true;
for (uint256 i = 0; i < admins.length; ++i) {
admin[admins[i]] = true;
}
// no msg.sender authorization check
// no configure-once guard
}
This incident is an ATTACK, not a benign MEV event. The core safety invariant is that only the factory-designated owner or admin should be able to configure or reconfigure a pool clone, and privileged lifecycle and withdrawal functions must remain unreachable to arbitrary callers. The implementation breaks that invariant at the first step: selector 0xe7d25975 dispatches straight into the configuration routine and accepts attacker-controlled addresses and arrays without checking msg.sender or whether initialization has already happened. That routine overwrites the stored owner and payout recipient in slots 0x02 and 0x03, then marks attacker-supplied addresses as admins through the admin mapping write helpers. Once that storage corruption is complete, the later calls to 0x4abe11b4, 0xd547557b, and 0x90fb9dca are not the root cause; they are simply the intended admin-only path being executed with attacker-supplied admin state. The exploit is therefore deterministic: any unprivileged actor can repeat the same sequence against any clone that still points to the implementation and still holds assets.
The vulnerable components are:
0xb4ba49c919309ab66177ac7dece4d5cd6ef714e7, selector 0xe7d25975, which serves as the unrestricted reinitializer.func_2537 and func_2B9C in the decompilation), which set attacker-supplied addresses as admins.0x4abe11b4, 0xd547557b, and 0x90fb9dca, which become reachable after the attacker rewrites configuration.The violated security principles are straightforward: missing configure-once protection, missing authorization on the configuration routine, and privileged asset withdrawal logic that trusted storage values any caller could rewrite through the configuration path.
The exploit begins with a live, already-configured clone. Representative victim clone 0xa2473460f86e1058bdd0a2c531b15534fd403d97 held 100406250000000000000000 RailToken units before the exploit and was in its completed pre-exploit state. The incident trace shows the attacker helper calling e7d25975 on that clone and immediately overwriting the key storage fields:
Representative seed-trace excerpt for clone 0xa2473460...
@ 11: 0 → 0x000000000000000000000000e76c6c83af64e4c60245d8c7de953df673a7a33d
@ 3: 0x0000000000000000000000043904efc39b16e9ce6483e8beac623fca370286d1
→ 0x0000000000000000000000003763b7f83358171b1660ee209f327954cc463129
@ 2: 0x0000000000000000000000001a17e083f272c9bb1d2e4d0d336047a27561ac4d
→ 0x0000000000000000000000003763b7f83358171b1660ee209f327954cc463129
That is the code-level breakpoint. An already-configured clone has its stored authority and payout fields replaced with attacker-controlled values. The same trace then shows the attacker walking the state machine into the withdrawal-enabled state:
Representative seed-trace excerpt after takeover
0xa2473460...::setPoolToClosed()
@ 3: 0x...003763b7f83358171b1660ee209f327954cc463129
→ 0x...013763b7f83358171b1660ee209f327954cc463129
0xa2473460...::d547557b()
@ 3: 0x...013763b7f83358171b1660ee209f327954cc463129
→ 0x...023763b7f83358171b1660ee209f327954cc463129
Once slot 0x03 encodes attacker-controlled authority plus pool state 2, the withdrawal selector can transfer out the entire victim balance. For the representative RailToken pool, the seed trace and balance diff agree that the full balance was removed from the clone:
{
"token": "0xe76c6c83af64e4c60245d8c7de953df673a7a33d",
"holder": "0xa2473460f86e1058bdd0a2c531b15534fd403d97",
"before": "100406250000000000000000",
"after": "0",
"delta": "-100406250000000000000000"
}
The same pattern repeats across the other targeted clones in the same transaction. The clones at 0xe2637e705475f367c94467c4b844d58db293aff8 and 0xf5e303702b5927670998d6ec63449cb2edf65728 also show slot overwrites, state transitions, and balance-draining calls in the incident trace. This repetition matters because it rules out a one-off misconfiguration on a single pool; the attack uses the same implementation weakness against multiple clones in one bundle.
The exploit conditions are minimal:
0xb4ba49c919309ab66177ac7dece4d5cd6ef714e7.The profit calculation is now fully deterministic. The attacker EOA's native and WETH balances before and after the exploit are recorded in the profit valuation artifact:
{
"native_before_wei": "858005604156389841",
"native_after_wei": "4223956084156389841",
"weth_before_wei": "0",
"weth_after_wei": "49628605399923295284",
"portfolio_before_in_eth": "0.858005604156389841",
"portfolio_after_in_eth": "53.852561484079685125",
"portfolio_delta_in_eth": "52.994555879923295284",
"gas_fee_in_eth": "0.12659952"
}
The adversary strategy is a two-stage on-chain sequence.
First, the attacker EOA 0x4e087743e8025012c4704a1953c87eeff1e6ef48 deployed helper contract 0x3763b7f83358171b1660ee209f327954cc463129 in transaction 0xd2f3a9481395984736848c849140c6b86e34342be887aee3de2ae1639330109c at block 18552783. The helper is not privileged; it just packages the repeated clone interactions into one transaction.
Second, the attacker used exploit transaction 0x53eeab4447db331dbb47f93fd58a95d6faa230d559acde0687f8b5f5829e7a45 at block 18552867 to:
0xe7d25975 on each target clone with attacker-controlled owner, recipient, token, and admin array values.0x4abe11b4 and 0xd547557b to move the clone into the withdrawal-enabled state.0x90fb9dca(token,false) or the ETH path to transfer out the full victim balance.The seed metadata ties the exploit directly to the attacker EOA and helper:
from: 0x4e087743e8025012c4704a1953c87eeff1e6ef48
to: 0x3763b7f83358171b1660ee209f327954cc463129
hash: 0x53eeab4447db331dbb47f93fd58a95d6faa230d559acde0687f8b5f5829e7a45
The monetization step is visible in the trace as repeated WETH transfers to the attacker EOA. Representative examples from the same exploit transaction include:
WETH9::transfer(0x4E087743E8025012C4704a1953C87eeFF1e6EF48, 13333448332679721570)
WETH9::transfer(0x4E087743E8025012C4704a1953C87eeFF1e6EF48, 10260606491788421960)
WETH9::transfer(0x4E087743E8025012C4704a1953C87eeFF1e6EF48, 6113149077967615156)
The identified adversary cluster is:
0x4e087743e8025012c4704a1953c87eeff1e6ef48, which deployed the helper and sent the exploit transaction.0x3763b7f83358171b1660ee209f327954cc463129, which executed the repeated clone interactions.The public victim-side components observed in the incident are:
0x8dc0d817af40b1fa4f6b58034bb86f3bbefcb0a50xb4ba49c919309ab66177ac7dece4d5cd6ef714e70xa2473460f86e1058bdd0a2c531b15534fd403d97, 0xe2637e705475f367c94467c4b844d58db293aff8, and 0xf5e303702b5927670998d6ec63449cb2edf65728The impact is direct pool theft. Existing clones were reconfigured and drained without any legitimate admin action. The incident balance diff and root cause artifact record the following stolen inventory:
3492550000000000000 (decimals: 18)22241250771 (decimals: 6)100406250000000000000000 (decimals: 18)634063738278029040890177 (decimals: 18)234364304996350508376501 (decimals: 18)251562826931405333333335 (decimals: 18)43444444474768518510625 (decimals: 18)1466613438727083096939103 (decimals: 18)12753722857142857142885 (decimals: 18)52414871798928571428578 (decimals: 18)15102930000000000000003 (decimals: 18)7364395879548000000000 (decimals: 18)849006087810833333333340 (decimals: 18)124730325948563194106632 (decimals: 18)The attacker's realized post-fee portfolio increase was 52.994555879923295284 ETH-equivalent. The seed balance diff independently confirms the native ETH increase of 3365950480000000000 wei for the attacker EOA, while the trace and profit valuation artifact account for the WETH received from liquidating the stolen ERC20 inventory.
Relevant transactions:
1: 0xd2f3a9481395984736848c849140c6b86e34342be887aee3de2ae1639330109c (helper deployment)1: 0x53eeab4447db331dbb47f93fd58a95d6faa230d559acde0687f8b5f5829e7a45 (seed exploit transaction)Evidence sources:
/workspace/session/artifacts/collector/seed/1/0x53eeab4447db331dbb47f93fd58a95d6faa230d559acde0687f8b5f5829e7a45/metadata.json/workspace/session/artifacts/collector/seed/1/0x53eeab4447db331dbb47f93fd58a95d6faa230d559acde0687f8b5f5829e7a45/trace.cast.log/workspace/session/artifacts/collector/seed/1/0x53eeab4447db331dbb47f93fd58a95d6faa230d559acde0687f8b5f5829e7a45/balance_diff.jsonhttps://ethervm.io/decompile/0xb4ba49c919309ab66177ac7dece4d5cd6ef714e7https://etherscan.io/address/0xa2473460f86e1058bdd0a2c531b15534fd403d97https://etherscan.io/address/0x3763b7f83358171b1660ee209f327954cc463129/workspace/session/artifacts/auditor/iter_1/profit_valuation.json