Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
he Uwerx network was attacked and lost about 174.78 ETH. According to the analysis of SlowMist, the root cause is that when the receiving address is uniswapPoolAddress (0x01), it will burn off 1% more tokens of the transfer amount of the from address, so the attacker uses the skim function of the uniswapv2 pool to consume a large number of WERX tokens, and then calls the sync function to maliciously inflate the price of the token, and then reverses the swap to extract the ETH to gain profit. Attack method (per SlowMist): Price Manipulation. Reported loss: $ 324,000.
- chain
- —
- protocol
- Uwerx network
- bug_class
- oracle
- date_occurred
- 2023-08-02
- loss_usd
- $324,000
- source_id
- sm:uwerx-network::2023-08-02