The Ethereum Alarm Clock smart contract has been abused, and as a result, the exploiters have been able to earn more ETH-denominated reimbursements than were originally planned.
The Ethereum Alarm Clock is a technology that gives users the ability to pre-schedule their upcoming Ethereum transactions. The concept for transaction scheduling that it employs may be found in smart contracts.
Peckshield, a business that specializes in blockchain security and analytics, made the discovery of the continuing hack earlier today.
The vulnerability begins with the attacker making a call to the cancel function of the Ethereum Alarm Clock contract with a transaction cost that is much higher than usual. The vulnerability manifests itself in the subsequent phase, which involves the calculation of the transaction fee refund at an incorrectly high level, which results in the distribution of a greater amount than was intended.
Because of the increased transaction cost that was established by the exploiter, the final outcome offers the exploiter a significantly larger amount of ETH to repay. According to Igor Igamberdiev of The Block Research, under typical conditions, the user who called the contract would only earn back a somewhat more amount than what their transaction charge was.
