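Super Sushi Samurai token plunges 99% after double-spend exploit
GameFi project Super Sushi Samurai (SSS), built on Coinbase's Base layer-2 blockchain and the Telegram messaging app, had $4.8 million withdrawn from its liquidity pool by a self-described white hat hacker after a double-spend vulnerability was discovered on March 21. Wow, what a gratifying moment for the crypto trading crowd!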
In a statement to Cointelegraph, blockchain analytics firm CertiK noted that “the vulnerability is within the [SSS] contracts _update() function, which doesn’t correctly update balances when transferring to self.” So, when a user transfers their entire balance of SSS tokens to themselves, the resulting balance is doubled.
The @SSS_HQ $SSS LP was just drained on blast because their token contract has a bug where transferring your entire balance to yourself doubles it.
The order of operations decrements the balance for "from" and then sets the balance for "to" - if these are the same address, the… pic.twitter.com/RStMcFH3sy
CertiK noted that during the incident, one user, operating the address 0x786C8f95C17BB990a040dc4D6539B01FC1b72842, initially purchased 690 million SSS tokens, transferred the entirety of the balance to themselves, doubled it 25 times, and finally ended “with 11.5 trillion SSS tokens which were then sold for 1,310 ETH (~$4,590,827).”
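The order-of-operations bug described above can be reproduced in a small ledger model. This is an added example, not code from the SSS contract: the `Ledger` class, its method names and the sample balances are constructed for illustration, and the up-front read of both balances is an assumption consistent with the description of `_update()`. It shows the flawed update beside a corrected one, plus a supply-conservation check that flags the bug.

```python
class Ledger:
    """Toy token ledger (constructed model, not the SSS contract)."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def total(self):
        return sum(self.balances.values())

    def update_buggy(self, sender, to, amount):
        # Both balances are read up front, then written back from stale copies.
        from_bal = self.balances.get(sender, 0)
        to_bal = self.balances.get(to, 0)
        if amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        # When sender == to, this overwrites the debit with stale balance + amount.
        self.balances[to] = to_bal + amount

    def update_fixed(self, sender, to, amount):
        from_bal = self.balances.get(sender, 0)
        if amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        # Re-read the recipient after the debit so a self-transfer nets to zero.
        self.balances[to] = self.balances.get(to, 0) + amount


def supply_conserved(ledger, method, sender, to, amount):
    """Invariant check: a transfer must never change total supply."""
    before = ledger.total()
    getattr(ledger, method)(sender, to, amount)
    return ledger.total() == before


if __name__ == "__main__":
    # Constructed sample balances.
    for method in ("update_buggy", "update_fixed"):
        ledger = Ledger({"user": 690, "pool": 1000})
        ok = supply_conserved(ledger, method, "user", "user", 690)
        print(method, "supply conserved:", ok, "user balance:", ledger.balances["user"])
```

Running the same invariant as a unit or fuzz test with `from == to` as one of the cases is enough to catch this class of bug before deployment.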
Shortly after the incident, the user who double-spent the tokens stated in a blockchain message:
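Admirable as their good intentions may be, we must point out that the SSS token collapsed after $4.8 million in funds left the pool while this self-described white hat stood by. Before that, SSS had a total market capitalization of $27.75 million. Since then, the token has lost more than 99% of its value. On the same day, the SSS developers responded:
Just one month earlier, the novel ERC-X token Miner collapsed after a user discovered a double-spend vulnerability that allowed unlimited token minting. Yu Xian, co-founder of Singapore blockchain security firm SlowMist, said: "Low-level contract bugs like this are really painful. You can double your balance by transferring money to yourself." The failure cost users more than $10 million.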
Related: KyberSwap attacker used "infinite money glitch" to drain funds, says DeFi expert