Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The TokenStakingPoolDelegate contract updated by BXH after the last attack suffered another flash loan attack. The contract lost 40,085 USDT, and the attacker made a profit of 31,794 USDT after paying off the flash loan fee. After analysis, this attack is caused by the use of getReserves() in the contract's getITokenBonusAmount function to obtain the instantaneous quotation, so that the attacker can make a profit by manipulating the quotation. Attack method (per SlowMist): Flash Loan Attack. Reported loss: 40,085 USDT.
- chain
- —
- protocol
- BXH
- bug_class
- flashloan
- date_occurred
- 2022-09-28
- loss_usd
- —
- source_id
- sm:bxh::2022-09-28