[Suspected Attack on Ethereum Chain Causes Approximately $120,000 Loss, Key Function Vulnerability Likely the Main Cause] Phalcon alerts from BlockSec indicate multiple suspicious transactions occurred on the Ethereum chain, resulting in a loss of approximately $120,000. The attack involved two unknown contracts deployed by the same address, with transactions initiated by different external accounts (EOAs). Preliminary analysis suggests that the lack of access control in the critical functions `approveERC20` and `withdrawAll` within the victim contracts may have been the primary reason attackers were able to drain the tokens in the contracts. Notably, the `withdrawAll` function required the burning of sufficient `sil` tokens. In the second transaction, the attacker obtained `sil` tokens through a flash loan and conducted multiple token swaps before executing the main attack. This incident highlights the importance of robust access control mechanisms in smart contracts.