TechFlow News: On June 20, the Zodiac team released a security incident analysis report regarding the Zodiac Roles Modifier. The report disclosed that the root cause of the vulnerability lies in a flaw within the ERC-1271 transaction signature verification logic: the system determines signature validity solely based on the returned “magic value,” without verifying whether the call itself succeeded—thus potentially allowing failed verifications to masquerade as valid signatures and bypass the module’s authentication mechanism.
Zodiac clarified that this vulnerability is exploitable only under specific configurations; EOA-role members and other deployments not using the affected module remain unaffected. Affected users have already been notified, and a self-service detection and remediation tool has been deployed. Additionally, Zodiac is collaborating with white-hat researchers to recover compromised assets; over 99% of potentially at-risk funds have been secured. The relevant contracts have been patched and independently audited, and services have resumed normal operation.
