In “transfer” function, if to address is 0x0, balance of sender is reduced 2 times, wrong logic. Hacker transferred some iVest tokens to uniswap pair, called skim(0x0), sync().
Because of wrong transfer, balance of pair was very small after repeating this step 3 times. Then, he could get almost all WBNB using a few iVest tokens.
Leave a Reply