Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
APEDAO on the BNB chain was attacked and the loss was approximately $7,000. The attacker transferred APEDAO to the pair contract. The APEDAO contract mistook the attacker's behavior as a selling operation and gradually accumulated a value named "amountToDead". The attacker repeatedly transferred APEDAO and then used the skim function to withdraw excess tokens. Eventually, the attacker calls the godead function to destroy APEDAO held in the pairing contract, causing the token price to rise. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 7,000.
- chain
- bsc
- protocol
- APEDAO
- bug_class
- logic
- date_occurred
- 2023-07-18
- loss_usd
- $7,000
- source_id
- sm:apedao::2023-07-18