CertiK Detects Vulnerability in FOOMCASH Lottery Contract with Up to $1.8 Million Loss

Overview of the Vulnerability Incident

Recently, CertiK's security team detected unusual activity in the lottery contract of a privacy-focused gaming project, FOOMCASH. The initial estimate suggests losses amounting to approximately $1.8 million. This event is believed to be a result of a smart contract vulnerability exploit, potentially involving white-hat intervention.

Root Cause Analysis

Early investigations indicate that the issue may stem from misconfigurations in the Groth16 validator. Under specific conditions, attackers could repeatedly collect Z0OM tokens, leading to unauthorized fund transfers. Such vulnerabilities are often linked to flaws in zero-knowledge proof validation logic.

Security Recommendations

• Project teams should enhance smart contract audits, especially focusing on validator logic design.
• Implement multi-layered security mechanisms to improve real-time detection of anomalous transactions.
• Users are advised to stay updated with official announcements and avoid high-risk actions during vulnerability resolution periods.