Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The New Free Dao project on the BSC chain suffered a flash loan attack. According to SlowMist analysis, the main reason for this attack is that the way of calculating rewards in the contract is too simple, and it only depends on the balance of the caller, which leads to arbitrage by flash loans. Attack method (per SlowMist): Contract Vulnerability. Reported loss: 4,481 WBNB.
- chain
- bsc
- protocol
- New Free Dao
- bug_class
- flashloan
- date_occurred
- 2022-09-08
- loss_usd
- —
- source_id
- sm:new-free-dao::2022-09-08