Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
BNO suffered a flash loan attack on BNBChain, resulting in a loss of about $500,000 due to business logic problems. The root cause of the attack is a problem with the reward calculation mechanism in the pool that supports NFT and ERC20 token rights. The pool has an "emergencyWithdraw" function that allows users to withdraw their ERC20 token stake immediately. Crucially, however, this feature does not process or interpret NFT stake records. Attackers exploited this flaw by depositing NFTs and ERC20 tokens into a pool and then executing the "emergencyWithdraw" function specifically for their ERC20 tokens. By doing so, an attacker can bypass the reward calculation check, effectively manipulating the system to his advantage. Through this manipulation, an attacker is able to clear a user's "reward debt," earn undeserved rewards, and cause significant financial damage to the mining pool and its users. Attack method (per SlowMist): Flash Loan Attack. Reported loss: $ 500,000.
- chain
- —
- protocol
- BNO
- bug_class
- access-control
- date_occurred
- 2023-07-18
- loss_usd
- $500,000
- source_id
- sm:bno::2023-07-18