Repeated attacker - FN

[Ivan1905]

Hi there,

Recently there was a new exploit, tx here: https://bscscan.com/tx/0x12f27e81e54684146ec50973ea94881c535887c2e2f30911b3402a55d67d121d

When checking the initiator, I see that 0x4645863205b47a0A3344684489e8c446a437D66C has also been implicated in Dualpools attack (this has been flagged in the file), do we know why it was not caught?

Thought that with the new logic of the True Positive list fetching, this should have been caught.

This is the dualpools exploit: https://bscscan.com/tx/0x90f374ca33fbd5aaa0d01f5fcf5dee4c7af49a98dc56b47459d8b7ad52ef1e93

[RCantu92]

Hey @Ivan1905, I've looked into this and here are some notes:

• Per the note I left in the True Positive List PR on the Early AD here, that functionality was only deployed to the Beta EAD and wasn't deployed to the PROD EAD yet.
  • IIRC, we were going to let the Beta run for some thing before deploying those changes to the PROD version.
• The Early AD really focuses on funding and malicious contract creation, so it would be more accurate to check against the contract creation transaction of contract 0x8f921e27e3af106015d1c3a244ec4f48dbfcad14 instead. That transaction is 0xbea712f5c576294eeb953864c4336fa627b4fbef0f28c40a1584cb45b0713c21.
• The beta EAD did alert on the contract creation transaction above, here, but it wasn't appropriately flagged as Critical severity.
  • I have looked into it and have incorporated some changes to address the issue. Will deploy to the Beta when the new changes are approved.