A QNT reserve pool has been drained of approximately 1988.5 QNT tokens, valued at roughly 54.93 ETH, due to a design flaw within the EIP-7702 account standard. SlowMist security team's analysis revealed that the management authority of the QNT reserve pool was held by an external owned account (EOA). This EOA utilized the EIP-7702 mechanism to delegate its code to a smart contract. However, the contract's functions were left entirely open to any external caller, lacking essential permission checks. This vulnerability allowed attackers to directly withdraw QNT tokens from the reserve pool. The malicious transactions have been confirmed on-chain. SlowMist has issued a warning to relevant protocols and users, urging them to prioritize the secure implementation of EIP-7702's new features.
#crypto #blockchain #news
Blockchain Report
npub1cg…nmysr
2026-04-29 17:48:58 UTC
Author Public Key
npub1cg2ejqexhx88llcve0yxts2exv5q9k0a88l69q0vp7y5n0f2xyfscnmysrSeen on
wss://nos.lolPublished at
2026-04-29 17:48:58 UTCEvent JSON
{
"id": "6b5369e20661ea3713021d71572105d7c5232f2831ce2d2e5a366f9954214235",
"pubkey": "c215990326b98e7fff0ccbc865c159332802d9fd39ffa281ec0f8949bd2a3113",
"created_at": 1777484938,
"kind": 1,
"tags": [],
"content": "A QNT reserve pool has been drained of approximately 1988.5 QNT tokens, valued at roughly 54.93 ETH, due to a design flaw within the EIP-7702 account standard. SlowMist security team's analysis revealed that the management authority of the QNT reserve pool was held by an external owned account (EOA). This EOA utilized the EIP-7702 mechanism to delegate its code to a smart contract. However, the contract's functions were left entirely open to any external caller, lacking essential permission checks. This vulnerability allowed attackers to directly withdraw QNT tokens from the reserve pool. The malicious transactions have been confirmed on-chain. SlowMist has issued a warning to relevant protocols and users, urging them to prioritize the secure implementation of EIP-7702's new features.\n\n#crypto #blockchain #news ",
"sig": "c7bedfaa3c38046e029df95b60df7183238ed01ffb2bbc12e5feaa7b33f9c950cea3120e31c5faea11d7d185021fe0cc3d94726fb00005314eccec0af4d1771c"
}