Category: Uncategorized
-
Bankroll Network hacked
The victim contract is a token sale contract with functions for buying and selling tokens. To buy tokens, users send WBNB to the pool, and some of that WBNB is taken as a fee (like a reward to liquidity providers). This means “profitPerShare_” increases when a user buys tokens. The root cause of this hack is in “buyFor”…
-
WXETA token exploit
An awful “initialize” function: it didn’t set “initialized” to true, so anyone can call “initialize”. The hacker called “initialize”, minted WXETA tokens to the pair, and then drained USDT, gaining $65k.
-
MintStakeShare hacked
The MSS Pancake LP token was drained of $180k, but luckily $130k was sent to the MSS deployer. The root cause is in the “buyWithMint” function of the MSS token. “buyWithMint” takes some BNB, mints MSS tokens and adds some liquidity to the Pancake LP. The token price is calculated by the “calculatePrice()” function, but “calculatePrice()” doesn’t consider the pool state. If someone manipulates the pool…
-
OTSea Staking hacked
A staking contract named “OTSeaStaking” was exploited and lost $26k. The hacker called “withdraw” several times and got many more OTSea tokens than he staked. In the “withdraw” function, deposit.amount is not decreased, so anyone can deposit once and withdraw multiple times.
-
CUT token hacking
We have seen a flashloan exploit involving the CUT token. Here, in the “burn” function, only 60,652 CUT tokens are transferred to 0x34b…e98, but after “burn”, the balance of that address was 269,661. Why? As you can see from the call stack, when removing liquidity, (leftAmount - amount) is added to the recipient balance, and leftAmount is calculated…
-
Penpie hacked
Penpie lost over $20m because of a reentrancy attack. The reward amount is calculated from the token balance before and after redeeming rewards. If someone can deposit tokens inside the “redeemRewards” function, the reward amount is the deposited token amount. The hacker deployed his own market before the attack. https://app.blocksec.com/explorer/tx/eth/0x7e75…21d1 Then the hacker called the “batchHarvestMarketRewards” function with his own market. As you can see…
-
iVest token hacking
In the “transfer” function, if the to address is 0x0, the sender’s balance is reduced twice, which is wrong logic. The hacker transferred some iVest tokens to the Uniswap pair, then called skim(0x0) and sync(). Because of the wrong transfer, the balance of the pair was very small after repeating this step 3 times. Then he could get almost all WBNB using a few iVest…
-
Vowcurrency hacked
The root cause is a bad exchange rate between the VOW and vUSD tokens. Maybe this was due to a mistake by the team. Before the hack the exchange rate was 5. The hack happened in block 20519309, and the exchange rate was set to 100 in block 20519307. https://t.co/HQX1ivaC8u After the hack, in block 20519316, they changed the exchange rate to 5 again. https://t.co/um2qfNgJdq Hacker…
-
An unknown router contract hacked
The “transferFee” function has a really basic vulnerability. Who made this router?