Ethereum Alarm Clock's smart contract is being targeted by exploiters

Quick Take

  • An exploited Ethereum Alarm Clock smart contract has allowed exploiters to take advantage of a gas refund bug.
  • Blockchain security and analytics company Peckshield first reported the exploit Wednesday.

An exploited Ethereum Alarm Clock contract has allowed exploiters to receive more ETH-denominated refunds than intended.

Ethereum Alarm Clock is a protocol that allows users to schedule future Ethereum transactions. The transaction scheduling logic it uses occurs in smart contracts.

Blockchain security and analytics company Peckshield reported the ongoing exploit earlier this morning.

Under the exploit, the attacker first calls a cancel() function on the Ethereum Alarm Clock contract with an abnormally high transaction fee. The exploit occurs in the following step, where the transaction fee refund is calculated too high, paying out a higher value than intended.

The end result gives the exploiter a much higher ETH refund because of the higher transaction fee that they set. Under normal circumstances, the user calling the contract would receive back only slightly more than what their transaction fee was, according to The Block Research's Igor Igamberdiev.

This is a developing story.


© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

AUTHOR

Mike is a reporter on the crypto ecosystems team who specializes in zero-knowledge proofs and applications. Prior to joining The Block, Mike worked with Circle, Blocknative, and various DeFi protocols on growth and strategy.

See More

WHO WE ARE

The Block is a news provider that strives to be the first and final word on digital assets news, research, and data.

+ Follow us on Google News
Connect with the block on