Beosin is a leading global blockchain security brand co-founded by several professors from world-renowned universities.
On April 18, 2022, Beosin Eagle Eye detected a flashloan attack on 2omb's contract on Fantom (FTM); the attacker gained 74,246.54966 WFTM. The Beosin security team analyzed the incident and its findings are shown below.
2omb Introduction
2omb/3omb (2|3omb) is a project on the Fantom Network ($FTM) that provides both use cases and liquidity to the Fantom ecosystem. The official website is https://2omb.finance/.
Relevant Information
Transaction hash:
(Over 70 repeated attacks were conducted; only one representative transaction is listed here)
0xb134f5d0609863aeaab8b8aeb77765a7a0f1e6a379c27455845e46d2261c46a9
Exploiter’s address:
0xd106bb2f7b4bf6ffa12c2db1cbd0d3c25ee18ef9
Contract that launched the hack:
0x77a5d0cdd1f4069747d9236b50f09f34b6d5b378
Victim contract:
0x5D59cDaB08C8BbE4986173a628f8305D52B1b4AE
Exploitation Flow
1. Flash-loan 139,504 2omb from the Uniswap-style 2omb-WFTM trading pair and send them to the attack contract 0x77a5d0cdd1f4069747d9236b50f09f34b6d5b378.

2. Split the funds inside the attack contract and swap them through RedemptionPair (0x5D59cDaB08C8BbE4986173a628f8305D52B1b4AE) many times.

3. RedemptionPair charges a swap fee of 0 and pays the controllerFee to the controllerFee address only after the swap has completed, so a swap of 2omb for 2omb returns the full input amount and the attack contract loses nothing. The controllerFee is instead taken out of the pair's own reserves, so each swap pushes the price of 2omb in RedemptionPair higher.

4. Swap all of the 2omb obtained for 26,559.086209850721855366 WFTM, of which about 23,556.88 WFTM is used to repay the flash loan, leaving a net profit of 3,002.210020110719894505 WFTM.

5. Repeat the above steps (over 70 times in total).

Vulnerability Analysis
The root cause is the fee accounting in the RedemptionPair contract: the swap fee rate is 0 and the controllerFee is collected only after the swap has completed. The amountOut paid to the user is therefore computed without the controllerFee being deducted, while the fee is still taken from the contract's reserves. Every swap leaves the user whole but shrinks the reserves, which moves the price, and an attacker with flash-loaned capital can repeat the swap until the price is distorted enough to sell into it at a profit.
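To make the fee-ordering flaw concrete, here is an added example written for this page (it is not code from 2omb, RedemptionPair or Beosin): a toy Python model of a two-token pair that can collect its controllerFee either after the swap, out of the pool, or before the swap, out of the trader's input. Token A stands in for 2omb and token B for a quote token such as WFTM; the reserves, the 1% controllerFee rate, the loan size and the number of rounds are constructed values, and the self-swap (tokenIn == tokenOut, swap fee 0, so amountOut equals amountIn) is an assumption modelled on the 2omb-for-2omb swaps described in the exploitation flow.

```python
"""Toy model of a pair whose controllerFee is paid out of the pool AFTER the swap.

Hypothetical illustration of the accounting flaw, not the 2omb/RedemptionPair
code. Token A plays the role of 2omb, token B the quote token; reserves, fee
rate, loan size and round count are constructed values.
"""
from dataclasses import dataclass

BPS = 10_000  # fee rates are expressed in basis points


@dataclass
class Pair:
    reserve_a: float            # token A (2omb-like) held by the pair
    reserve_b: float            # token B (quote token) held by the pair
    controller_fee_bps: int     # controllerFee rate in basis points
    fee_after_swap: bool        # True: fee paid from the pool after amountOut is fixed
    controller_balance: float = 0.0

    def price_a(self) -> float:
        """Spot price of A in units of B, as quoted from the reserves."""
        return self.reserve_b / self.reserve_a

    def swap_a_for_a(self, amount_in: float) -> float:
        """Self-swap with a 0 swap fee: amountOut is computed as amountIn."""
        fee = amount_in * self.controller_fee_bps / BPS
        if self.fee_after_swap:
            # Vulnerable ordering: the trader already receives the full
            # amountIn back; the controllerFee is then paid from the pair's
            # own balance, so the reserves shrink and the trader pays nothing.
            amount_out = amount_in
            self.reserve_a -= fee
        else:
            # Hardened ordering: the fee is deducted from the trader's input
            # before amountOut is computed, so the pool's reserves are untouched.
            amount_out = amount_in - fee
        self.controller_balance += fee
        return amount_out

    def swap_a_for_b(self, amount_in: float) -> float:
        """Constant-product swap of A for B with a 0 swap fee."""
        amount_out = self.reserve_b * amount_in / (self.reserve_a + amount_in)
        self.reserve_a += amount_in
        self.reserve_b -= amount_out
        return amount_out


def new_pair(fee_after_swap: bool) -> Pair:
    # Constructed starting state: 100k A, 20k B, 1% controllerFee.
    return Pair(100_000.0, 20_000.0, 100, fee_after_swap)


def baseline_sale(loan: float = 10_000.0) -> float:
    """B received by simply selling the flash-loaned A into an untouched pair."""
    return new_pair(True).swap_a_for_b(loan)


def simulate(fee_after_swap: bool, loan: float = 10_000.0, rounds: int = 50) -> dict:
    """Flash-loan `loan` A, self-swap it `rounds` times, then sell it all for B."""
    pair = new_pair(fee_after_swap)
    price_before = pair.price_a()
    held = loan
    for _ in range(rounds):
        held = pair.swap_a_for_a(held)
    reserve_a_before_sale = pair.reserve_a
    price_after = pair.price_a()
    proceeds = pair.swap_a_for_b(held)
    return {
        "held_after_selfswaps": held,
        "reserve_a_before_sale": reserve_a_before_sale,
        "price_before": price_before,
        "price_after": price_after,
        "controller_fees": pair.controller_balance,
        "proceeds": proceeds,
    }


if __name__ == "__main__":
    base = baseline_sale()
    for label, flag in (("fee after swap (vulnerable)", True), ("fee from input (hardened)", False)):
        r = simulate(flag)
        print(f"{label}: held={r['held_after_selfswaps']:.2f} A, "
              f"pool A={r['reserve_a_before_sale']:.2f}, "
              f"price {r['price_before']:.4f} -> {r['price_after']:.4f}, "
              f"proceeds={r['proceeds']:.2f} B (baseline {base:.2f} B)")
```

In the vulnerable ordering the attacker still holds the full 10,000 A after 50 self-swaps while the pool has paid 5,000 A to the controller, so the quoted price of A rises and the final sale returns more B than selling the loan into an untouched pair would. With the fee deducted from amountIn first, every self-swap costs the attacker 1%, the reserves and price never move, and the attack ends at a loss.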
Fund Tracing
As of this writing, the stolen funds are estimated at 74,246.54966 WFTM, or about $81,671.
Summary
In response to this incident, Beosin security team recommends:
A handling (swap) fee should be paid by the user and deducted from the input before the output amount is computed, not taken from the pool's reserves after the swap. When the fee rate is modified, check both that the new value is reasonable (a rate of 0 removes the only cost of repeated swaps) and that the update process itself is safe.
Before a project goes live, it is highly recommended to engage a professional security audit company for a comprehensive security audit to reduce security risks.
If you need any blockchain security services, please contact us: