Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The whaleswap.finance project was attacked, and at least 5946 BUSD and 5964 USDT were lost. The reason may be that there is a problem with the K value verification of the whaleswap.finance Pair contract. Whenever the user exchanges, there is a problem with the parameter magnitude passed in the K value verification, which causes the K value verification to fail. The attacker first borrows a BSC-USD through a flash loan, and then returns the flash loan when the K value verification parameter is on the order of 10000^4. The parameter verification level used in the K value verification is 10000^2, which causes the K verification to fail. Attack method (per SlowMist): K value verification vulnerability. Reported loss: 5946 BUSD+5964 USDT.
- chain
- bsc
- protocol
- whaleswap.finance
- bug_class
- flashloan
- date_occurred
- 2022-06-21
- loss_usd
- —
- source_id
- sm:whaleswap-finance::2022-06-21