VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Impossible Finance, the DeFi protocol on the BSC chain, was attacked by a lightning loan, and the attacker made a profit of 1,510.75 WBNB (a total of US$497,000). On June 25, the attackers refunded approximately $252,000. The core of this attack is that the K value check is not performed in the cheapSwap function, which causes the attacker to obtain additional tokens by performing multiple exchange operations in one exchange process. Attack method (per SlowMist): Flash Loan Attack. Reported loss: $ 245,000.
Sourced from
slowmist
Technical record
- chain
- bsc
- protocol
- Impossible Finance
- bug_class
- flashloan
- date_occurred
- 2021-06-21
- loss_usd
- $245,000
- source_id
- sm:impossible-finance::2021-06-21
Related — same bug class· flashloan