The MSS Pancake LP was drained of $180k, but luckily $130k was sent to the MSS deployer.
The root cause is in the “buyWithMint” function of the MSS token.
The “buyWithMint” function takes some BNB, mints MSS tokens, and adds some liquidity to the Pancake LP. The token price is calculated by the “calculatePrice()” function, but “calculatePrice()” doesn’t consider the pool state.
If someone manipulates the pool state and then calls “buyWithMint”, they can get many more MSS tokens than expected.
The hacker exchanged a huge amount of BNB for MSS tokens, called the “buyWithMint” function, then swapped all the MSS tokens back to BNB, gaining $50k.
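The gap between a pool-independent mint price and the pool's own price can be seen in a small constant-product model, together with a guard that refuses to mint while the two disagree. This is an added example, not the MSS contract's code: the reserves, the fee, the 5% tolerance and the names `Pool`, `minted_unchecked` and `minted_checked` are assumptions, and the liquidity-adding part of “buyWithMint” is left out.

```python
from dataclasses import dataclass

FEE = 0.0025  # assumed swap fee for the model


@dataclass
class Pool:
    """Constant-product pool (bnb * mss = k); reserves are constructed values."""
    bnb: float
    mss: float

    def spot_price(self) -> float:
        """BNB per MSS implied by the current reserves."""
        return self.bnb / self.mss

    def swap_bnb_for_mss(self, bnb_in: float) -> float:
        """Standard x*y=k swap; returns MSS sent to the trader."""
        eff = bnb_in * (1 - FEE)
        out = self.mss * eff / (self.bnb + eff)
        self.bnb += bnb_in
        self.mss -= out
        return out


def minted_unchecked(bnb_in: float, mint_price: float) -> float:
    """Pool-independent pricing: the pattern the post attributes to calculatePrice()."""
    return bnb_in / mint_price


def minted_checked(pool: Pool, bnb_in: float, mint_price: float, max_dev: float = 0.05) -> float:
    """Hypothetical guard: refuse to mint while the pool price has drifted from the mint price."""
    dev = abs(pool.spot_price() - mint_price) / mint_price
    if dev > max_dev:
        raise ValueError(f"pool price deviates {dev:.0%} from mint price")
    return bnb_in / mint_price


def scenario():
    pool = Pool(bnb=100.0, mss=1_000_000.0)
    mint_price = pool.spot_price()          # internal price starts level with the pool
    before = minted_checked(pool, 1.0, mint_price)
    pool.swap_bnb_for_mss(400.0)            # one large swap skews the reserves
    ratio = pool.spot_price() / mint_price  # how underpriced the mint now is
    try:
        minted_checked(pool, 1.0, mint_price)
        blocked = False
    except ValueError:
        blocked = True
    return before, ratio, blocked, minted_unchecked(1.0, mint_price)
```

In this model the skewed pool values MSS at roughly 25 times the mint price, and the guard rejects the call. A time-weighted average price is harder to skew within one transaction than the spot comparison used here.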