Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
According to intelligence from the SlowMist Security Team, the YIEDL project on the BSC chain was attacked, with the attacker stealing approximately $300,000. In this incident, the reason lies in the contract’s failure to adequately validate the external parameter(dataList) provided by the user during the processing of the redeem function call. This parameter is critical data for controlling asset exchanges, typically containing specific transaction instructions or routing information. The attacker maliciously constructed this external parameter, enabling unauthorized asset transfers. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 300,000.
- chain
- bsc
- protocol
- YIEDL
- bug_class
- access-control
- date_occurred
- 2024-04-25
- loss_usd
- $300,000
- source_id
- sm:yiedl::2024-04-25