We have seen a flashloan exploit involving CUT token.
Here, in “burn” function, only 60, 652 CUT tokens are transferred to 0x34b…e98, but after “burn”, balance of that address was 269, 661. Why?
As you can see from call stack, when remove liquidity, (leftAmount – amount) is added to recipient balance, and leftAmount is calculated from “valuePreservationByRemoveLP” function. The ActCheckContract is not verified, so can’t know what it does in detail, but it calculates result using “getReserves” function, maybe CUT token amount in pancake pair.
Hacker could manipulate this value by swapping large amount of tokens, amount became much bigger than normal. Then, swapped the large amount of CUT to USDT tokens.
Hacker gained over $1.4M in several hacking tx.
Leave a Reply