SlowMist: ReachMe Previously Had a Message Fee Bypass Vulnerability, Allowing Users to Send Messages to CZ at a Low Cost

Blockbeats

28 Mar

BlockBeats News, March 28th, recently SlowMist Security Team disclosed that a logic vulnerability was found in the subscription-based messaging platform ReachMe io in the BNB Chain ecosystem. This vulnerability could bypass the preset fee mechanism and allow sending messages to any KOL (including CZ) at a very low cost.

The researchers successfully sent a message to CZ with only 0.01 BNB, bypassing the original 1 BNB message fee. The vulnerability was due to the contract failing to verify the consistency between on-chain transfer amounts and the front-end set price. The vulnerability has since been promptly patched.

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2522529650"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2522529650\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2522529650?lang=en_US&edition=fundamental","thumbnail":"","is_english":true,"pubTime":"2025-03-28 18:12","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2522529650","market":"us","top_or_hot":-1,"title":"SlowMist: ReachMe Previously Had a Message Fee Bypass Vulnerability, Allowing Users to Send Messages to CZ at a Low Cost","media":"Blockbeats","content":"<html><body><div><p>BlockBeats News, March 28th, recently SlowMist Security Team disclosed that a logic vulnerability was found in the subscription-based messaging platform ReachMe io in the BNB Chain ecosystem. This vulnerability could bypass the preset fee mechanism and allow sending messages to any KOL (including CZ) at a very low cost.</p><p>The researchers successfully sent a message to CZ with only 0.01 BNB, bypassing the original 1 BNB message fee. The vulnerability was due to the contract failing to verify the consistency between on-chain transfer amounts and the front-end set price. The vulnerability has since been promptly patched.</p></div></body></html>","source":"theblockbeats_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>SlowMist: ReachMe Previously Had a Message Fee Bypass Vulnerability, Allowing Users to Send Messages to CZ at a Low Cost</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nSlowMist: ReachMe Previously Had a Message Fee Bypass Vulnerability, Allowing Users to Send Messages to CZ at a Low Cost\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-03-28 18:12 GMT+8&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//en/flash/287406><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats News, March 28th, recently SlowMist Security Team disclosed that a logic vulnerability was found in the subscription-based messaging platform ReachMe io in the BNB Chain ecosystem. This ...</p>\n\n<a href=\"https://www.theblockbeats.info//en/flash/287406\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BK4120","symbol_name":"环境与设施服务","start_time":0,"source_url":"https://www.theblockbeats.info//en/flash/287406","article_id":"2522529650","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2522529650","pubTimestamp":1743156720,"columns":[],"sourceInfo":{"source_id":"theblockbeats_live","name":"Blockbeats快讯"},"weMediaInfo":null,"summary":"BlockBeats News, March 28th, recently SlowMist Security Team disclosed that a logic vulnerability was found in the subscription-based messaging platform ReachMe io in the BNB Chain ecosystem. This vulnerability could bypass the preset fee mechanism and allow sending messages to any KOL  at a very low cost.The researchers successfully sent a message to CZ with only 0.01 BNB, bypassing the original 1 BNB message fee. The vulnerability was due to the contract failing to verify the consistency between on-chain transfer amounts and the front-end set price. The vulnerability has since been promptly patched.","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"en","relate_stocks":{"BK4120":"环境与设施服务","KOL":"Market Vectors-Coal ETF","TISI":"Team Inc"},"translate_title":"SlowMist：ReachMe之前存在消息费用绕过漏洞，允许用户以低成本向CZ发送消息","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"KOL":1,"TISI":1},"content_text":"BlockBeats News, March 28th, recently SlowMist Security Team disclosed that a logic vulnerability was found in the subscription-based messaging platform ReachMe io in the BNB Chain ecosystem. This vulnerability could bypass the preset fee mechanism and allow sending messages to any KOL (including CZ) at a very low cost.The researchers successfully sent a message to CZ with only 0.01 BNB, bypassing the original 1 BNB message fee. The vulnerability was due to the contract failing to verify the consistency between on-chain transfer amounts and the front-end set price. The vulnerability has since been promptly patched.","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":1,"code":"91000000","status":"200"}}}