BlockSec: DBXen contract attacked, losses of about $150,000
Mar 12, 2026 16:10:07
According to BlockSec monitoring, the DBXen contract was attacked this morning, with estimated losses of about $150,000. The root cause is an inconsistent sender identity under ERC2771 meta-transactions. In the burnBatch() function, the gasWrapper() modifier uses _msgSender() (the actual user) to update the state, while the callback function onTokenBurned() uses msg.sender (the relayer). As a result, accCycleBatchesBurned is recorded for the user, but lastActiveCycle is incorrectly updated for the relayer.
This inconsistency breaks the logic of claimFees() and claimRewards(). When updateStats() is run for the user, the contract incorrectly assumes there are unprocessed burned batches, because accCycleBatchesBurned has been updated while lastActiveCycle has not. Rewards and fees are then calculated incorrectly, allowing the attacker to extract excess funds for profit.
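The sender-identity mismatch described above, as an added Python model that is not DBXen's code or BlockSec's analysis. The class, the `consistent` switch, the address labels and the `mismatched_accounts()` check are assumptions made for illustration; only the two state names and the _msgSender()/msg.sender split come from the report.

```python
from dataclasses import dataclass, field
from typing import Optional

TRUSTED_FORWARDER = "relayer"  # constructed label; the report calls this party the relayer

@dataclass
class Call:
    msg_sender: str                        # immediate caller seen by the contract
    appended_sender: Optional[str] = None  # ERC-2771: user address appended by the forwarder

def resolve_sender(call: Call) -> str:
    """Model of _msgSender(): trust the appended address only from the trusted forwarder."""
    if call.msg_sender == TRUSTED_FORWARDER and call.appended_sender:
        return call.appended_sender
    return call.msg_sender

@dataclass
class BurnModel:
    consistent: bool                       # True = both updates keyed by the same identity
    current_cycle: int = 1
    acc_cycle_batches_burned: dict = field(default_factory=dict)
    last_active_cycle: dict = field(default_factory=dict)

    def burn_batch(self, call: Call, batches: int) -> None:
        user = resolve_sender(call)
        # gasWrapper()-style accounting, keyed by _msgSender()
        burned = self.acc_cycle_batches_burned
        burned[user] = burned.get(user, 0) + batches
        # onTokenBurned()-style callback: the flawed variant keys by msg.sender
        who = user if self.consistent else call.msg_sender
        self.last_active_cycle[who] = self.current_cycle

    def mismatched_accounts(self) -> list:
        """Accounts with batches recorded this cycle but no matching lastActiveCycle."""
        return sorted(
            acct for acct, n in self.acc_cycle_batches_burned.items()
            if n > 0 and self.last_active_cycle.get(acct) != self.current_cycle
        )

def demo(consistent: bool):
    model = BurnModel(consistent=consistent)
    model.burn_batch(Call(TRUSTED_FORWARDER, "alice"), 5)  # meta-transaction (constructed)
    model.burn_batch(Call("bob"), 2)                       # direct call (constructed)
    return model.mismatched_accounts(), model.last_active_cycle

if __name__ == "__main__":
    print("flawed:    ", demo(consistent=False))
    print("consistent:", demo(consistent=True))
```

Direct calls stay consistent in both variants, which is why a test suite that never routes a call through the forwarder would not surface the divergence.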












