“transfer” function of BOLT token burns some BOLT of pancake pair when “to” address is pancake pair.
Hacker was able to manipulate pair state leveraging this logic. He exchanged a huge amount of USDT to BOLT, BOLT balance of pancake pair decreased. After that he transferred some BOLT to pancake pair and called “skim”, repeated this step multiple times.
BOLT balance of pancake pair was much smaller than normal, hacker was able to drain all USDT in pancake pair by selling BOLT tokens.
Total loss is $15k.
Leave a Reply