Halted By Design
One missing case. Every validator stopped.
Hey, it’s Arsen.
In today’s menu:
• The public string that gave anyone access to 86 Gnosis Safes
• One failed Sui transaction that halted every honest validator
• The Arbitrum DAO just voted on where frozen KelpDAO ETH goes
• And more…
🏴☠️ Hacks
Two exploits from this week
SquidRouterModule source | WUSD.fi source
SquidRouterModule — $3.2M, 86 Gnosis Safes
You install a module on your Gnosis Safe.
The name says SquidRouterModule. Squid Router is trusted. You’ve seen it everywhere.
The module isn’t Squid’s.
Third-party contract. Verified on Basescan as SquidRouterModule. Not built, deployed, or audited by Squid. One missing check: it accepted a caller-supplied constant string as proof of authorization. The string sits in the verified source — public, readable, usable by anyone.
If the auth string is public, who is it actually keeping out?
The attacker deployed Foundry-based exploit contracts. Called executeSameChainActions() with the string. Hit the DelegateBundler path — impersonating authorized delegates on victim Safes. Swaps fired: real tokens out, a worthless attacker-deployed token (”u”, 42 holders) in. Attacker pre-seeded Uniswap V3 pools with “u” pairs. Removed liquidity post-drain. All proceeds converted to 3.07M DAI.
86 Safes. Two hours. Squid’s name took the hit for code they never wrote.
Read the code behind the module name. Not the name.
WUSD.fi — $200K via Sybil Abuse
The protocol had an incentive mechanic in WUSD._englove.
Wrap at least 100 WUSD while holding fewer than 2 GLOVE. Receive up to 2 free GLOVE via Glove.mintCreditless. No sybil check. No rate limit.
What does a “fresh address” requirement mean to an attacker with EIP-7702?
Provisioned on demand.
The attacker deployed EIP-7702 helper contracts — EOAs that execute like contracts. Funded each cycle with a Morpho USDT flash loan. Wrap. Claim. Unwrap. Repeat. Across fabricated fresh addresses at scale.
Each individual claim was valid by the contract’s logic. The loop wasn’t.
GLOVE hit Uniswap V3 GLO pools on the way out. $200K in USDC and USDT extracted.
Glove.mintCreditless — creditless means no collateral. It was never meant to mean unlimited.
🗞️ News
Arbitrum DAO votes to release frozen ETH — funds go to Aave
The Arbitrum DAO passed a constitutional proposal.
Release the ETH the Security Council froze after KelpDAO’s rsETH incident. 190M FOR + ABSTAIN votes. Quorum cleared.
Constitutional proposals take 2-3 weeks to execute. When this one does, the ETH moves to a wallet controlled by Aave — not back to original holders.
Once a security council freezes funds — who owns them?
The Security Council froze fast. Correct call. The chain of custody transferred to the DAO, which deliberated and voted. The DAO decided the destination: Aave.
The original holders aren’t in that sentence.
This is the precedent. Emergency freezes preserve optionality — for the DAO, not original owners. If you’re building under a security council, understand who controls the next decision.
The freeze worked. What happens to the funds is always a governance question.
📚 Education
Sui Mainnet Halt — May 28, 2026
Sui went down for hours.
Two tweets from Suibracket the public record. Mainnet stall. Patch deployed. Back online. What happened between them: a single missing case. One failed user transaction. Every honest validator halted.
Sui’s 1.72 release introduced Address Balance. An account-style balance layer on top of its object model. Gas can be paid via coin reservations — a reservation isn’t a real coin. It’s a promise to withdraw from Address Balance.
When gas smashing runs, any reservation entry emits an AccumulatorEvent::Split into the TemporaryStore. That Split feeds the settlement system transaction, which applies the net balance change at the checkpoint boundary.
The bug: a transaction about to fail with InsufficientFundsForWithdraw still ran smashing first.
Failure reset object state. It did not reset the event.
What does a failed transaction actually write — before it fails?
Settlement later tried to apply that Split against a zero balance:
u128.value = 0 + 0 - R; // checked underflow → abort
Move’s checked arithmetic refused. No silent solvency bug.
But refusing meant aborting the settlement system transaction.
Settlement is deterministic. Every validator derives the identical system transaction from the checkpoint. Every validator hit the identical abort.
Chain stopped.
No funds stolen. Move caught the solvency bug. The chain paid with liveness.
The fix: 16 lines in execution_engine.rs. Prune reservation entries from gas_data.payment before smashing — when an IFFW abort is coming. No reservation → no Split → no poisoned checkpoint.
Audit every early-abort path. Not just whether the transaction fails. What it writes before it does.
That’s it for this week.
Reply with the Solana bug, tool, or pattern you want me to cover next — I read every one.
If a working Solana auditor in your circle would find this useful, forward it their way.
— Arsen, working Solana auditor