Since 09/11/2024, Blocksec monitored hundreds of suspicious tx targeting InfernoBullWin, each tx gained about $1.5k.
Victim contract has “swapTitanXForInfernoAndBurn” function which exchanges its “Titan” tokens to “Inferno” tokens, and then burns “Inferno” tokens. Anyone can call this function.
This function was used for sandwich attack. Drainers swapped large amount of “Titan” to “Blaze”, and then called “swapTitanXForInfernoAndBurn”. After that exchanged “Blaze” to “Titan”, “Titan” to “Eth”.
“swapTitanXForInfernoAndBurn” function should have modifier like “onlyOwner” to prevent being called by anyone.
Leave a Reply