Background
We monitored an on-chain attack event against SATX Token: https://bscscan.com/tx/0x7e02ee7242a672fb84458d12198fae4122d7029ba64f3673e7800d811a8de93f
The hacker launched two attacks in total:
The first attack failed because no BNB was transferred when the attack contract was called, so the BNB to WBNB exchange failed and the transaction was rolled back.
The second attack was successful.
The hacker's initial funds all came from TornadoCash.
Interestingly, the attacker's attack contract function is named f***you.
Attack and Event Analysis
First, the attacker exchanged 0.001 WBNB for 13.397690168956297175 SATX through PancakeSwap. Then, the attacker used PancakeSwap Pair WBNB-CAKE to exchange 60 WBNB.
Then, in the callback function, the attacker used 0.0001 WBNB to exchange for 350018.558642186154111639 SATX (52 WBNB was also transferred in the callback function).
Then, the exchanged 350018.558642186154111639 SATX was transferred to PancakeSwap Pair WBNB-SATX, resulting in an imbalance of funds. Then, the attacker completed the exploitation of the vulnerability by calling skim and sync to balance the funds.
From the above picture, we can see that 350018.558642186154111639 SATX should have been transferred out of PancakeSwap Pair through skim to balance the funds, but twice as much SATX was transferred.
By looking at the code of the SATX Token contract, we can see this code in transfer. First, amount is transferred to _tokenOwner. Next, 2.99% of amount is transferred to the SATX Token contract, and 97.01% of amount is divided by 10% of 1,000,000, and 9% and 8.3% are transferred to the three EOAs respectively.
This is equivalent to transferring out about double the SATX, which leads to a sharp drop in the SATX held by PancakeSwap Pair WBNB-SATX. Since PancakeSwapV2 uses CPMM (constant product market maker) as its AMM algorithm, this is equivalent to a surge in the value of SATX.
Before executing skim, 1 WBNB=13844 SATX, and after executing skim, 1 WBNB=33 SATX. The value of SATX has soared by more than 600 times.
Then, the attacker exchanged the SATX they held for WBNB through swap. Through this attack, the attacker made a total profit of about 50 BNB.
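The skim step described above can be reproduced in a small model. The following Python sketch is an added illustration, not the SATX or PancakeSwap code: the Token and Pair classes, the 10,000 bps extra debit and the pool sizes are constructed assumptions. It shows how a transfer() that debits the sender about twice the amount shrinks the pair's reserve on skim and sync, and ends with a check an auditor can run against a token's transfer().

```python
# Added illustration: a toy model, not the SATX or PancakeSwap contract code.
class Token:
    """ERC-20-like ledger. extra_bps > 0 models a transfer() that debits the
    sender MORE than `amount` (assumption: 10_000 bps = about double)."""
    def __init__(self, extra_bps=0):
        self.bal, self.extra_bps = {}, extra_bps

    def transfer(self, src, dst, amount):
        extra = amount * self.extra_bps // 10_000
        if self.bal.get(src, 0) < amount + extra:
            raise ValueError("insufficient balance")
        self.bal[src] -= amount + extra
        self.bal[dst] = self.bal.get(dst, 0) + amount
        self.bal["fee_sinks"] = self.bal.get("fee_sinks", 0) + extra


class Pair:
    """Minimal V2-style pair: cached token reserve, skim() and sync()."""
    def __init__(self, token, wbnb, tokens):
        self.token, self.wbnb, self.reserve = token, wbnb, tokens
        token.bal["pair"] = tokens

    def skim(self, to):
        # Sends out whatever the pair holds above its cached reserve.
        excess = self.token.bal["pair"] - self.reserve
        self.token.transfer("pair", to, excess)

    def sync(self):
        self.reserve = self.token.bal["pair"]


def donate_skim_sync(extra_bps, donation=450_000):
    """Return (tokens per WBNB before, after) for constructed pool values."""
    token = Token(extra_bps)
    pair = Pair(token, wbnb=100, tokens=1_000_000)
    before = pair.reserve / pair.wbnb
    token.bal["pair"] += donation      # tokens sent straight to the pair
    pair.skim("caller")
    pair.sync()
    return before, pair.reserve / pair.wbnb


def debit_equals_amount(token, amount=1_000):
    """Audit check: transfer() must debit the sender exactly `amount`."""
    token.bal["probe"] = 10 * amount
    token.transfer("probe", "sink", amount)
    return token.bal["probe"] == 10 * amount - amount
```

With a well-behaved token the rate is unchanged by skim and sync; with the over-debiting token the pair's token reserve falls while its WBNB stays put, which is the imbalance the constant-product formula then prices in.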