A computation bug that allowed Truebit to be hacked for 8535 ETH
Original Title: "Truebit Protocol $26.44M Hack Contract Vulnerability Analysis"
Original Source: ExVul Security
On January 8, 2026, the Truebit Protocol was hacked, resulting in a loss of 8,535.36 ETH (approximately $26.44 million). The official Truebit Protocol announcement was made early the next day. The ExVul security team conducted a detailed vulnerability analysis of this attack, with the following results:
Attack Process
Attacker's Address:
0x6c8ec8f14be7c01672d31cfa5f2cefeab2562b50
Attack Transaction Hash:
0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014
The attacker completed the attack by repeating the call sequence getPurchasePrice → 0xa0296215 → 0xc471b10b four times. The analysis below uses the first iteration as an example.
1. The attacker first called the getPurchasePrice(240442509453545333947284131) function, which returned 0.

2. The attacker called the 0xa0296215(c6e3ae8e2cbab1298abaa3) function with a msg.value of 0 and successfully minted 240442509453545333947284131 TRU tokens.

3. The attacker called the 0xc471b10b(c6e3ae8e2cbab1298abaa3) function, which burned the 240442509453545333947284131 TRU tokens and paid out 5105.06 ETH.
Attack Logic Analysis
From the attack process above, it is evident that the logic of the getPurchasePrice function and the 0xa0296215 function is flawed. The following is an in-depth analysis (the contract is not open-source, so the code referenced below is decompiled code).


Comparing the two functions shows that both rely on the internal function 0x1446 to determine how much ETH is needed to purchase a given amount of TRU. The flaw is therefore in the logic of 0x1446, which produces an incorrect ETH amount. The following is a detailed analysis of the logic in the 0x1446 function.

In the 0x1446 function the final result v13 is 0, so the arithmetic that precedes it must be flawed. Note that the function 0x18ef is equivalent to _SafeMul, so the multiplications are overflow-checked; the problem is the native addition v12 + v9 (the contract is compiled with Solidity ^0.6.10, which performs no overflow check on +).
v12 and v9 represent:
Given this, the attacker's approach is to pass a huge _amountIn so that v12 + v9 wraps around to a very small value, ultimately making (v12 + v9) / v6 == 0.
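The following is an added illustration, not code from the ExVul write-up or from the Truebit contract. It models a price calculation shaped like (v12 + v9) / v6 under Solidity <0.8 semantics (native addition wraps modulo 2**256, while _SafeMul reverts on overflow) and beside it the same calculation with a SafeMath-style checked add. How v12 and v9 are derived from _amountIn is not on the page, so the constants k1 and k2 and the multiply-by-constant shape are assumptions chosen only to make the sum overflow; the unchecked add and the final division are the parts taken from the analysis.

```python
# Added example: unchecked vs checked uint256 addition in a price function.
# The derivation of v12 and v9 from amount_in (k1, k2) is hypothetical.

UINT256_MAX = (1 << 256) - 1


def unchecked_add(a: int, b: int) -> int:
    """Solidity <0.8 semantics for '+': the result wraps modulo 2**256."""
    return (a + b) & UINT256_MAX


def safe_add(a: int, b: int) -> int:
    """SafeMath-style add: revert (raise) instead of wrapping."""
    c = a + b
    if c > UINT256_MAX:
        raise OverflowError("SafeMath: addition overflow")
    return c


def safe_mul(a: int, b: int) -> int:
    """SafeMath-style mul, standing in for the page's 0x18ef / _SafeMul."""
    if a == 0 or b == 0:
        return 0
    c = a * b
    if c > UINT256_MAX:
        raise OverflowError("SafeMath: multiplication overflow")
    return c


def purchase_price_unchecked(amount_in: int, k1: int, k2: int, v6: int) -> int:
    """Vulnerable shape: checked multiplications, but a native '+' in between.

    Each product fits in 256 bits, so _SafeMul passes, yet their sum can still
    exceed 2**256 and wrap to a tiny value before the division by v6."""
    v9 = safe_mul(amount_in, k1)
    v12 = safe_mul(amount_in, k2)
    return unchecked_add(v12, v9) // v6


def purchase_price_checked(amount_in: int, k1: int, k2: int, v6: int) -> int:
    """Hardened shape: the addition is also overflow-checked, so an oversized
    amount_in reverts instead of producing a price of 0."""
    v9 = safe_mul(amount_in, k1)
    v12 = safe_mul(amount_in, k2)
    return safe_add(v12, v9) // v6


def checked_reverts(amount_in: int, k1: int, k2: int, v6: int) -> bool:
    """True if the hardened version rejects this input (simulated revert)."""
    try:
        purchase_price_checked(amount_in, k1, k2, v6)
    except OverflowError:
        return True
    return False


if __name__ == "__main__":
    # Ordinary purchase: both versions agree.
    print("normal:", purchase_price_unchecked(1000, 3, 5, 4),
          purchase_price_checked(1000, 3, 5, 4))
    # Constructed oversized input: v12 and v9 are each 2**255, so their sum is
    # exactly 2**256 and wraps to 0 in the unchecked version.
    big = 1 << 255
    print("wrapped price:", purchase_price_unchecked(big, 1, 1, 4))
    print("checked reverts:", checked_reverts(big, 1, 1, 4))
```

The point to take from the two functions side by side is that checking every multiplication is not enough: any single unchecked operator on the same code path (here the addition feeding the final division) is sufficient to drive the price to zero. Compiling with Solidity 0.8 or later makes the addition checked by default, which is the behaviour the hardened version reproduces.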
Summary
The fundamental cause of this attack on the Truebit Protocol is a severe integer overflow bug in its token purchase price calculation logic. Because the contract is compiled with Solidity ^0.6.10 and performs no overflow check on a crucial arithmetic operation, the protocol ultimately lost 8,535.36 ETH. Newer Solidity versions (0.8 and later) check arithmetic by default, which mitigates this class of overflow. This attack should be seen as a hacker leveraging AI to automatically scan live but older DeFi protocols for vulnerabilities (the recent Balancer and yETH attacks included). We believe that such AI-driven attacks on older DeFi protocols will become more common in the near future. We therefore recommend that projects conduct fresh security audits of their contract code. If vulnerabilities are found, they should promptly upgrade the contract or move assets, maintain on-chain monitoring, detect anomalies quickly, and minimize losses.
This article is contributed content and does not represent the views of BlockBeats.