In “transfer” function, if to address is 0x0, balance of sender is reduced 2 times, wrong logic. Hacker transferred some iVest tokens to uniswap pair, called skim(0x0), sync().

Because of wrong transfer, balance of pair was very small after repeating this step 3 times. Then, he could get almost all WBNB using a few iVest tokens.

Leave a Reply