VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The treasure swap project was attacked. The attacker only used 0.000000000000000001 WETH to exchange all the WETH tokens in the transaction pool. The reverse of the source code found that the swap function of the attacked contract lacked the K value check. At present, the attacker has completed the attack on the two contracts 0xe26e436084348edc0d5c7244903dd2cd2c560f88 and 0x96f6eb307dcb0225474adf7ed3af58d079a65ec9, and accumulated a profit of 3,945 BNB. Attack method (per SlowMist): K-value Verification Vulnerability. Reported loss: 3,945 BNB.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- treasure swap
- bug_class
- accounting
- date_occurred
- 2022-06-11
- loss_usd
- —
- source_id
- sm:treasure-swap::2022-06-11
Related — same bug class· accounting