VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
In October 2024, Cryptobottle on Polygon suffered three separate attacks, with total losses amounting to approximately $527,000. The attack on October 24 was the largest of the three, where the attacker exploited a critical vulnerability to disable the balance check in the swap() method after a callback. This allowed them to make arbitrary swaps to acquire a large amount of NAS tokens, which they then sold, resulting in a loss of around $490,000 for the project. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 527,000.
Primary source
https://polygonscan.com/tx/0x115203d01c2e95d8c3585ec5c561bc7e40425f2a7c019abb1f3fc498cf451f90 ↗Sourced from
slowmist
Technical record
- chain
- polygon
- protocol
- Cryptobottle
- bug_class
- logic
- date_occurred
- 2024-10-24
- loss_usd
- $527,000
- source_id
- sm:cryptobottle::2024-10-24
Related — same bug class· logic