Wu Shuo learned that CertiK has issued an alert, detecting a suspected attack that exploits a loophole in the contract between Lightning Loan and NFT market. The attacker initiates an operation through a zero transaction fee lightning loan, exploits the delegatecall and quotation logic vulnerabilities (makeOffer and acceptOffer) in the NFT market, and returns the lightning loan after abnormal asset transfer, completing a "seamless exit". At present, there has been no direct financial loss, but it is recommended to immediately review the permission control and parameter verification mechanism for projects using the delegatecall quotation logic. https://www. (wublock123.com)/index.php? m=content&c=index&a=show&catid=6&id=40657