Port3 Network: Being Attacked Due to CATERC20 Vulnerability, Will Release a New Token to Fully Address the Issue

BlockBeats News, November 23rd, Port3 Network's official statement on social media indicated that PORT3 adopted Nexa Network's cross-chain token solution, CATERC20, to support multi-chain development, but the solution had a boundary condition verification vulnerability. When token ownership was renounced, the function's return value coincidentally matched the owner verification condition, causing the permission check to fail, allowing unauthorized access.

This vulnerability was not identified in the CATERC20 audit report. Since the PORT3 token had previously renounced ownership to enhance decentralization, it happened to be in a vulnerable state that could be exploited.

After the hacker discovered this authorization validation flaw, at UTC time 20:56:24, they initiated a RegisterChains operation from address 0xb13A...812E to register their address as an authorized address. The attacker then repeated the same attack method from multiple addresses such as 0x7C2F...551fF.

The official team has contacted major exchanges to suspend deposits and withdrawals. The next steps will involve issuing a fixed version of the token to thoroughly address this issue.