# Gnosis hack - Incident report

On June 1, 2026 there was an exploit targeting Gnosis Pay users through a vulnerability in several Zodiac modules. Ante vaults were affected because we are using the same Delay and Roles modules Gnosis Pay used (see <https://docs.ante.org/technical-stuff> for more details).

Total loss across all Ante vaults was about $24 in team test accounts (<0.02% of Assets Under Trust at the time of exploit). Here's what happened, why we were able to limit the damage, and what's next.

### The vulnerability

The exploited bug is in `SignatureChecker._isValidContractSignature` from the Zodiac base contracts, which `Modifier` inherits (<https://github.com/gnosisguild/zodiac/blob/master/contracts/core/Modifier.sol>):

```solidity
function _isValidContractSignature(
    address signer,
    bytes32 hash,
    bytes calldata signature
) internal view returns (bool result) {
    uint256 size;
    assembly { size := extcodesize(signer) }
    if (size == 0) {
        return false;
    }

    (, bytes memory returnData) = signer.staticcall( // <-- 'success' boolean is not checked
        abi.encodeWithSelector(
            IERC1271.isValidSignature.selector,
            hash,
            signature
        )
    );

    return bytes4(returnData) == EIP1271_MAGIC_VALUE;
}
```

The destructuring `(, bytes memory returnData) = signer.staticcall(...)` discards the first return value of `staticcall`, the `bool success` flag. The function then casts the first four bytes of `returnData` to `bytes4` and compares them with `0x1626ba7e`, the EIP-1271 magic value, regardless of whether the call succeeded.

The attacker crafted the signature field so that the Safe [fallback handler](https://github.com/safe-fndn/safe-smart-account/blob/main/contracts/handler/CompatibilityFallbackHandler.sol) called an attacker-deployed contract that always reverted with a 4-byte payload equal to the EIP-1271 magic value. Because the EVM places revert data into the same return buffer as normal return data, and because of the sequence of contract calls involved, that revert payload ended up in `returnData` and was compared with the magic value as if it were a valid answer.

This allowed the attacker to schedule any transaction on any Safe that had such a Delay module enabled.

### Mitigation

We patched the contracts with the small fix below and deployed new mastercopies for both the Roles and Delay modules. This is the same approach Gnosis Pay took.

```solidity
(bool success, bytes memory returnData) = signer.staticcall(...);
return success && bytes4(returnData) == EIP1271_MAGIC_VALUE;
```
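The following is an added regression test, not Zodiac's or Ante's code, that puts the unchecked pattern from the vulnerability section next to the patched check from the mitigation section and exercises both with a mock signer that reverts with the 4 magic bytes. It assumes a Foundry project with `forge-std` available; the mock, the message hash and the empty signature are constructed test inputs, and the `returnData.length == 32` condition in the hardened version is an extra strictness added here, not part of the page's fix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added regression test, not Zodiac's or Ante's code. It assumes a Foundry
// project with forge-std available; the mock signer, the message hash and
// the empty signature are constructed test inputs.
import "forge-std/Test.sol";

bytes4 constant EIP1271_MAGIC_VALUE = 0x1626ba7e;

interface IERC1271 {
    function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4);
}

library SignatureCheck {
    // Same unchecked pattern as the vulnerable Zodiac function: the
    // `success` flag is dropped, so revert data is treated as return data.
    function vulnerable(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {
        if (signer.code.length == 0) return false;
        (, bytes memory returnData) = signer.staticcall(
            abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)
        );
        return bytes4(returnData) == EIP1271_MAGIC_VALUE;
    }

    // The patch from the report (`success &&`), plus a length check so that
    // only a properly ABI-encoded bytes4 (one 32-byte word) is accepted; the
    // length check is an extra strictness added here, not part of the page's fix.
    function hardened(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {
        if (signer.code.length == 0) return false;
        (bool success, bytes memory returnData) = signer.staticcall(
            abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)
        );
        return success && returnData.length == 32 && bytes4(returnData) == EIP1271_MAGIC_VALUE;
    }
}

// Constructed mock of the failure mode: every call reverts, and the revert
// payload is exactly the 4 magic bytes. A reverting staticcall still fills
// `returnData`, which is what the unchecked version compares.
contract RevertingSigner {
    fallback() external {
        bytes4 magic = EIP1271_MAGIC_VALUE;
        assembly {
            mstore(0, magic)   // bytes4 is left-aligned in the word
            revert(0, 4)       // revert with only the first 4 bytes
        }
    }
}

contract SignatureCheckTest is Test {
    function testRevertingSignerPassesOnlyTheUncheckedVersion() public {
        address signer = address(new RevertingSigner());
        bytes32 hash = keccak256("constructed test message");
        bytes memory signature = "";

        // Before the fix: revert data is mistaken for a valid ERC-1271 answer.
        assertTrue(SignatureCheck.vulnerable(signer, hash, signature));
        // After the fix: the failed staticcall is rejected.
        assertFalse(SignatureCheck.hardened(signer, hash, signature));
    }
}
```

Run it with `forge test`; the first assertion documents the bug, the second is the regression guard. Checking `success` is the essential part of the fix: once a failed call is rejected, the contents of the revert buffer no longer matter.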

#### Addresses

**Delay.sol**

<https://etherscan.io/address/0xa0A3Eb0C60bbEdAd0d41AbfA2b9C0a8F91f7Ae34>

**Roles.sol**

<https://etherscan.io/address/0x732B9E9f259fbA6f65A1a012DC89c20872ffBd2f>

We shipped a UI that lets users disable the vulnerable modules, create a new vault with the patched recovery modules, and migrate their funds into the newly deployed vault.

### Why Ante vaults were not drained

Our vaults had a default cooldown period of 3 months. Even though the attacker could schedule a malicious transaction, the exploit did not allow them to bypass the cooldown period.

This gave us and our users enough time to react and disable the vulnerable modules.

## Next steps

If you have a vault created on <https://app.ante.org/vaults> we advise you to go to your Ante Vaults dashboard and check for vaults that are tagged as "vulnerable". Open the vault and follow the instructions from that page to mitigate or migrate.
