There’s a function that can be used for swapping WBNB to EGA token in victim contract.

This function has no access control, anyone can call this function with only 1 wei.

This is vulnerable to sandwich attack. Hacker swapped large amount of WBNB to EGA, called vulnerable function, and then swapped EGA to WBNB, gained 506 WBNB for free.

Leave a Reply