Varun Srinivasan
@v
An attacker compromised the Amps contract 12 hours ago, stealing ~$6,700 USDC from 112 Amps users. @phil and the Amps team fixed the issue and refunded users. @horsefacts and the Farcaster team have been assisting. Farcaster wallets are safe and unaffected.

Who was affected?
Users who gave Amps an allowance to withdraw USDC from their wallet to purchase likes and recasts were affected. Users who simply used Amps to receive funds for likes and recasts are unaffected. Users who did not use Amps are unaffected.

What happened?
The Amps team will publish a detailed report soon. In short, their contract had a vulnerability and the attacker was able to withdraw USDC that the users have given Amps permission to withdraw. Some users gave Amps the permission to withdraw all USDC from their wallet, and the attacker was able to withdraw all USDC.

Are Farcaster wallets unsafe?
No, Farcaster wallets remain safe to use. The exploit is entirely within the Amps contract and only affects users who explicitly gave Amps the permission to access their USDC.

What should I do to be safe?
Never give permissions to withdraw unlimited funds (as a user) and never ask for these permissions (as a dev). It is safer to ask users to transfer in a fixed amount (e.g. 100 USDC), and top up as needed.
25 replies
37 recasts
163 reactions

helladj
@helladj
Can I check my allow list somewhere somehow?
1 reply
0 recast
0 reaction

smokingfrog
@smokingfrog.eth
If you export your fc wallet to the @rainbow app, you should be able to use the in-wallet browser on Rainbow to go to revoke.cash. You’ll log in with your wallet, then hit ‘my permissions’, and you can start revoking your allow list from there 💗
1 reply
0 recast
1 reaction
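
One way to answer the allow-list question from raw chain data, as an added example that is not part of the original thread or any project's own code: fold a wallet's ERC-20 `Approval` event logs into the spender permissions still outstanding and flag the unlimited ones. The addresses and logs are constructed, the log dict shape (integer `blockNumber` and `logIndex`) is an assumption, and the `2**255` cut-off for "unlimited" is a heuristic.

```python
# Added example: reconstruct outstanding ERC-20 approvals from Approval logs.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def _addr(topic):
    # An indexed address is a 32-byte word; the address is its last 20 bytes.
    return "0x" + topic[-40:].lower()

def _word(n):
    return "0x" + format(n, "064x")

def outstanding_approvals(logs, owner):
    """Return {(token, spender): amount} for owner; the latest event per pair wins."""
    owner, state = owner.lower(), {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic but has 4 topics
        if _addr(topics[1]) != owner:
            continue
        key = (log["address"].lower(), _addr(topics[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)  # approve(spender, 0) is a revocation
        else:
            state[key] = amount
    return state

def unlimited(approvals, threshold=2**255):
    # Heuristic: anything this large is effectively "all funds, forever".
    return sorted(k for k, v in approvals.items() if v >= threshold)

# Constructed sample data (placeholder addresses, not real contracts).
TOKEN, OWNER, OTHER = "0x" + "aa" * 20, "0x" + "01" * 20, "0x" + "02" * 20
S1, S2, S3 = "0x" + "b1" * 20, "0x" + "b2" * 20, "0x" + "b3" * 20
MAX = 2**256 - 1
def _log(block, idx, owner, spender, amount):
    topics = [APPROVAL_TOPIC, _word(int(owner, 16)), _word(int(spender, 16))]
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": topics, "data": _word(amount)}

SAMPLE_LOGS = [
    _log(100, 0, OWNER, S1, MAX),          # unlimited approval, never revoked
    _log(101, 2, OWNER, S2, 100_000_000),  # fixed 100 USDC (6 decimals)
    _log(110, 0, OWNER, S3, 0),            # revocation, listed out of order
    _log(105, 1, OWNER, S3, MAX),          # unlimited, later revoked at block 110
    _log(102, 0, OTHER, S1, MAX),          # different owner, ignored
]

if __name__ == "__main__":
    for pair in unlimited(outstanding_approvals(SAMPLE_LOGS, OWNER)):
        print("unlimited approval still active:", pair)
```

Many tokens do not emit `Approval` when `transferFrom` spends an allowance, so event-derived amounts are an upper bound; confirm each pair with the token's `allowance(owner, spender)` before relying on it.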