Beosin is a leading global blockchain security brand co-founded by several professors from world-renowned universities.
On April 10, 2022, according to Beosin-Alert, Gymdefi’s LiquidityMigrationV2 contract was exploited for about 1,327 WBNB. The Beosin security team analyzed the incident; the findings are shown below.
● Transaction hash: 0xa5b0246f2f8d238bb56c0ddb500b04bbe0c30db650e06a41e00b6a0fff11a7e5
● Exploiter’s address: 0x74298086c94dab3252c5dac979c9755c2eb08e49
● Contract that launched the attack: 0x4e284686fbcc0f2900f638b04c4d4b433c40a345
● Attacked contract: 0x1befe6f3f0e8edd2d4d15cae97baee01e51ea4a4
1. The attacker first withdraws 0.99655 BNB from Tornado.cash to fund the attack.

2. After deploying the attack contract, the attacker flash-borrows 2,400 WBNB from the WBNB-BUSD (0x58f8…dc16) pool into the attack contract to fund the subsequent steps.

3. Next, the attacker swaps 600 WBNB for 5,942,069.12 GYM in the GYM-WBNB (0x8dc0…91db) pool, which skews the pool’s GYM/WBNB ratio, then adds 1,730 WBNB and 1,400,000 GYM to the GYM-WBNB pool and receives 46,106.30 LP tokens.

4. Once the liquidity is added, the attacker calls the migrate function of the LiquidityMigrationV2 contract through the attack contract. Because migrate never queries the actual prices of GYM and GYMNET, the amount of GYM returned by the liquidity removal is passed directly as the amount of GYMNET to add as liquidity, and the attacker exchanges 46,106.30 GYM-WBNB LP tokens for 44,760.25 GYMNET-WBNB LP tokens.

5. The attacker then removes that liquidity, swaps the 1,166,737.57 GYMNET obtained for WBNB, repays the flash loan, and sends the remaining 1,327 WBNB to the exploiter’s own address.

The attack exploits a design flaw in the token conversion performed by the LiquidityMigrationV2 contract. When migrating, the migrate function takes the token amounts returned by removing liquidity from the GYM-WBNB pool and passes them straight through as the parameters for adding liquidity to the GYMNET-WBNB pool, as though one GYM were worth one GYMNET.

After borrowing a large amount of funds via the flash loan, the attacker manipulates the ratio of GYM to WBNB in the GYM-WBNB pool, then calls migrate and converts 1,400,000 GYM into 1,166,737.57 GYMNET. Based on the GYM and GYMNET prices at the time of the attack, the price ratio of GYM to GYMNET was approximately 130:1 (roughly 130 GYM per GYMNET), so the contract paid out far more GYMNET than the attacker’s GYM was worth.
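To make the pass-through flaw concrete, the following is an added toy model, not code from Gymdefi or Beosin. It replays the flash-loan sequence above against two constant-product pools and a migration contract that holds a GYMNET stockpile. Pool sizes, the 0.25% swap and flash-loan fees, the stockpile, and the governance-set GYM-to-GYMNET rate used by the hardened variant are all constructed parameters; the `Pool`, `Migrator`, and `simulate` names are hypothetical. Only the shape of the bug (the GYM amount returned by removing liquidity is reused, unit for unit, as the GYMNET amount when adding liquidity) mirrors the incident.

```python
"""Toy constant-product model of the LiquidityMigrationV2 pass-through flaw.

Added example, not code from Gymdefi or Beosin. Pool sizes, the 0.25% swap and
flash-loan fees, the GYMNET stockpile and the GYM->GYMNET conversion rate are
constructed parameters chosen to keep the arithmetic easy to follow.
"""
from dataclasses import dataclass, field
from math import sqrt


@dataclass
class Pool:
    """Uniswap-v2 style pair of a project token (GYM or GYMNET) against WBNB."""
    tok: float
    wbnb: float
    fee: float = 0.0025
    lp_supply: float = field(init=False)

    def __post_init__(self):
        self.lp_supply = sqrt(self.tok * self.wbnb)

    def swap_wbnb_for_tok(self, wbnb_in):
        eff = wbnb_in * (1 - self.fee)
        out = self.tok * eff / (self.wbnb + eff)
        self.wbnb += wbnb_in
        self.tok -= out
        return out

    def swap_tok_for_wbnb(self, tok_in):
        eff = tok_in * (1 - self.fee)
        out = self.wbnb * eff / (self.tok + eff)
        self.tok += tok_in
        self.wbnb -= out
        return out

    def quote_add(self, tok_in, wbnb_in):
        """Router-style addLiquidity: deposit at the current ratio, leftover unused."""
        share = min(tok_in / self.tok, wbnb_in / self.wbnb)
        return share, self.tok * share, self.wbnb * share

    def add_liquidity(self, tok_in, wbnb_in):
        share, tok_used, wbnb_used = self.quote_add(tok_in, wbnb_in)
        lp = self.lp_supply * share
        self.tok += tok_used
        self.wbnb += wbnb_used
        self.lp_supply += lp
        return lp, tok_used, wbnb_used

    def remove_liquidity(self, lp):
        share = lp / self.lp_supply
        tok_out, wbnb_out = self.tok * share, self.wbnb * share
        self.tok -= tok_out
        self.wbnb -= wbnb_out
        self.lp_supply -= lp
        return tok_out, wbnb_out


class Migrator:
    """Swaps GYM-WBNB LP for GYMNET-WBNB LP, paying GYMNET from its own stockpile."""

    def __init__(self, gym_pool, gymnet_pool, stockpile, gymnet_per_gym, hardened):
        self.gym_pool, self.gymnet_pool = gym_pool, gymnet_pool
        self.stockpile = stockpile            # GYMNET held by the migration contract
        self.gymnet_per_gym = gymnet_per_gym  # hypothetical governance-set rate
        self.hardened = hardened
        self.drawn = 0.0                      # GYMNET paid out so far

    def migrate(self, lp):
        gym_out, wbnb_out = self.gym_pool.remove_liquidity(lp)
        if self.hardened:
            # Convert GYM to GYMNET at a rate a swap cannot move; only the
            # matching WBNB is deposited and the rest is refunded to the caller.
            gymnet_desired = gym_out * self.gymnet_per_gym
        else:
            # The flaw: the GYM amount is passed through as the GYMNET amount,
            # so the WBNB side alone decides how much GYMNET leaves the stockpile.
            gymnet_desired = gym_out
        _, gymnet_used, _ = self.gymnet_pool.quote_add(gymnet_desired, wbnb_out)
        if gymnet_used > self.stockpile:
            raise RuntimeError("migration contract cannot cover the GYMNET")
        new_lp, gymnet_used, wbnb_used = self.gymnet_pool.add_liquidity(gymnet_desired, wbnb_out)
        self.stockpile -= gymnet_used
        self.drawn += gymnet_used
        return new_lp, wbnb_out - wbnb_used   # LP for the caller plus unused WBNB


def simulate(hardened):
    """Replays the flash-loan sequence from the write-up against fresh toy state."""
    gym_pool = Pool(tok=20_000_000, wbnb=1_000)     # 1 GYM = 0.00005 WBNB
    gymnet_pool = Pool(tok=1_500_000, wbnb=10_000)  # 1 GYMNET ~ 0.00667 WBNB (~133 GYM)
    rate = (gym_pool.wbnb / gym_pool.tok) / (gymnet_pool.wbnb / gymnet_pool.tok)
    mig = Migrator(gym_pool, gymnet_pool, stockpile=1_000_000,
                   gymnet_per_gym=rate, hardened=hardened)

    loan, loan_fee = 2_400.0, 0.0025
    wbnb = loan                                      # step 2: flash-borrow WBNB
    gym = gym_pool.swap_wbnb_for_tok(600)            # step 3a: skew the GYM/WBNB ratio
    wbnb -= 600
    lp, gym_used, wbnb_used = gym_pool.add_liquidity(gym, wbnb)  # step 3b: add LP
    wbnb -= wbnb_used
    new_lp, refund = mig.migrate(lp)                 # step 4: migrate
    wbnb += refund
    gymnet, w = gymnet_pool.remove_liquidity(new_lp)  # step 5: unwind and dump GYMNET
    wbnb += w + gymnet_pool.swap_tok_for_wbnb(gymnet)
    return {"profit": wbnb - loan * (1 + loan_fee),  # WBNB left after repaying the loan
            "gymnet_drawn": mig.drawn,
            "gym_stranded": gym_used}                # GYM left behind in the migrator


if __name__ == "__main__":
    for hardened in (False, True):
        label = "hardened" if hardened else "vulnerable"
        print(label, {k: round(v, 2) for k, v in simulate(hardened).items()})
```

With these constructed parameters the vulnerable run nets the attacker roughly 266 WBNB and drains about 143,600 GYMNET from the stockpile in exchange for GYM worth about 374 WBNB at the unmanipulated price; the hardened run converts the same GYM at the fixed rate, draws about 56,200 GYMNET, refunds the surplus WBNB, and leaves the attacker roughly 246 WBNB in the red after slippage and the loan fee. The rate here is a constant set at deployment; in production it would come from a governance-controlled value or a time-weighted price, never from the spot reserves the attacker has just moved.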


The contract’s transaction history shows it had been suspended about nine days before the attack. However, a large amount of GYMNET still remained in the contract, which gave the attacker the opportunity to exploit it.

As of this writing, the stolen funds have not been moved: 1,327 WBNB remain at the exploiter’s address.

In response to this incident, the Beosin security team recommends:
● Contracts that rely on data from external contracts must validate that data during the development phase rather than trusting it as-is.
● Before a project goes live, have a professional security audit firm conduct a comprehensive security audit.
● Project owners must monitor the status of their deployed contracts, and promptly move funds to a secure address when a contract is abandoned or behaves anomalously.
Beosin can provide professional security audit services. For more details, please visit our official website or contact us via Twitter, Discord or Telegram, etc.
Website: https://beosin.com/
Email: contact@beosin.com
Twitter: https://twitter.com/Beosin_com
Telegram: https://t.me/beosin
Medium: https://medium.com/@Beosin