Binance to continue to monitor the Audius hack
So far, no funds have arrived at Binance as a result of the Audius hack.
Binance says it will continue to monitor the situation.
— CZ 🔶 Binance (@cz_binance) July 31, 2022
This week’s Audius hack involved two contracts that shared the same storage slot for three different variables.
As a result, the values of initialising and initialised appeared to be true.
When initialising is true, the rest of the require check short-circuits and does not run.
The OpenZeppelin team has published an excellent postmortem on how they prevented further damage after their code was hacked in the midst of a major software upgrade.
The implementation contract used the end of the admin address on the proxy as the value of the initialising and initialised variables, resulting in a conflict between the two contracts.
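The collision described above can be modelled offline as a pre-deployment layout check. This Python sketch is an added example, not code from the postmortem or from either project. It assumes Solidity's packed layout (values right-aligned in a 32-byte slot, any nonzero byte read as a true bool), that initialised is declared before initialising, and a guard of the form `initialising or not initialised`; the function names and sample addresses are constructed for illustration.

```python
# Added example: one 32-byte EVM storage slot as seen by a proxy and by
# the implementation behind it. Layout and guard shape are assumptions.
SLOT_BYTES = 32


def pack_address(addr_hex: str) -> bytes:
    """Proxy's view: a 20-byte address right-aligned in the slot."""
    raw = addr_hex[2:] if addr_hex.lower().startswith("0x") else addr_hex
    addr = bytes.fromhex(raw)
    if len(addr) != 20:
        raise ValueError("address must be exactly 20 bytes")
    return addr.rjust(SLOT_BYTES, b"\x00")


def read_bool(slot: bytes, offset: int) -> bool:
    """Implementation's view: 1-byte bool, `offset` bytes from the low end."""
    return slot[SLOT_BYTES - 1 - offset] != 0


def implementation_view(slot: bytes) -> dict:
    # First-declared variable sits at offset 0, the next at offset 1.
    return {"initialised": read_bool(slot, 0),
            "initialising": read_bool(slot, 1)}


def guard_passes(view: dict) -> bool:
    # Assumed guard: `initialising` is tested first, so a true value
    # short-circuits the check before `initialised` is consulted.
    return view["initialising"] or not view["initialised"]


def collision_report(admin_addr: str) -> dict:
    view = implementation_view(pack_address(admin_addr))
    return {**view, "initializer_callable": guard_passes(view)}


# Constructed sample addresses (not taken from the incident).
COLLIDING = "0x" + "11" * 18 + "abac"  # both trailing bytes nonzero
BENIGN = "0x" + "11" * 18 + "0001"     # initialising byte is zero

if __name__ == "__main__":
    for name, addr in (("colliding", COLLIDING), ("benign", BENIGN)):
        print(name, collision_report(addr))
```

A report with `initializer_callable` true for a slot that already holds an admin address means the proxy and implementation layouts overlap and the initializer guard cannot be relied on.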