SlowMist says ATOHook storage collision exploit drained 14.4115 ETH in Solady reentrancy-guard issue

A storage slot collision within the ATOHook contract allowed an attacker to drain approximately 14.41 ETH by exploiting an overlap between the contract's own storage layout and the slot Solady's ReentrancyGuard relies on. The flaw stems specifically from the ATOHook.rewards mapping resolving to the same fixed storage slot the library uses to hold its reentrancy lock.
🚨SlowMist TI Alert🚨
💸 Loss: 14.411518807585587 ETH
🔍 Root Cause: Storage slot collision between `ATOHook.rewards` mapping slot and Solady `ReentrancyGuard` fixed slot (`0x02215292eb9609279094554c6e223f800950648ddfa3da30329838d6c170928d`). The `nonReentrant` modifier in…
— SlowMist (@SlowMist_Team) June 7, 2026
According to the on-chain technical breakdown, the victim Ethereum contract at address 0xa10de71ddb4e0d51938ef6e0118822e157a62888 lost funds to this storage collision. The exploit was executed via the attack contract 0x2441e480f62bf609a08da09143e4baf8a817d757, which routed the siphoned assets to the attacker's wallet at 0x2d2aafc193c24e59bd16139056ac9b4df4d37ad0. Analysis from security firm SlowMist confirms that the nonReentrant modifier itself sat directly on the failure path that compromised the protocol.
The guard does not use a compiler-assigned storage variable; it keeps its lock in a fixed slot, 0x02215292eb9609279094554c6e223f800950648ddfa3da30329838d6c170928d. A slot of the ATOHook.rewards mapping resolved to that same position, so every write to one side silently overwrote the other: reward writes could change the lock state, and lock writes could change a reward balance. That overlap let the attacker manipulate variable state and repeatedly trigger reward distribution, for a total of 200 repeated claims.
It is worth noting that Solady is a widely used and audited Solidity library within the crypto ecosystem. The incident therefore does not stem from a native defect in the library's code, but from the architecture and integration of the main contract's storage layout. Because two distinct components wrote to and read from the exact same storage slot, the rewards accounting was corrupted and the defense mechanism was effectively bypassed.
At present, there are no indications that the drained funds have been recovered. This exploit serves as a clear example of how storage layout mistakes can completely undermine defensive code in DeFi protocols when application logic and external library dependencies are not perfectly aligned.