Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Shortly after the deployment of the FENGSHOU (NGFS) token, it was attacked, resulting in a loss of approximately $191,000. The vulnerability lies in a public `delegateCallReserves` function which allows the attacker to set an arbitrary address to a UniSwapV2 proxy. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 191,000.
- chain
- —
- protocol
- FENGSHOU (NGFS)
- bug_class
- delegatecall
- date_occurred
- 2024-04-25
- loss_usd
- $191,000
- source_id
- sm:fengshou-ngfs-::2024-04-25