TechFlow news, November 17 — According to a report by GoPlus Security, the organization conducted a security risk scan on over 30 projects within the x402 ecosystem and discovered severe vulnerabilities in multiple projects.
The scan results show that major risk types include excessive authorization, signature replay, honeypot traps, and infinite minting. Specifically, the transferERC20 function in the FLOCK project allows the owner to withdraw any amount of tokens from the contract; the crosschainMint function in the x420 project enables unlimited minting; and the manualSwap function in the PENG project permits the owner to extract ETH from the contract.
Multiple security incidents have already occurred: on October 28, 402bridge was attacked through an excessive authorization vulnerability, resulting in malicious transfers of USDC from over 200 user accounts, and on November 12, Hello402 encountered issues with infinite minting and liquidity.