SharkTeam Analysis of the Principle of BNO Attack Incident

On July 18, 2023 Beijing time, Ocean BNO suffered a flash loan attack, and the attacker profited about $500,000.

SharkTeam conducted a timely technical analysis of the incident and summarized the relevant security measures. We hope future projects can learn from it and strengthen the blockchain industry's security defenses.

I. Incident Analysis

Attacker address:

0xa6566574edc60d7b2adbacedb71d5142cf2677fb

Attack contract:

0xd138b9a58d3e5f4be1cd5ec90b66310e241c13cd

Contract under attack:

0xdCA503449899d5649D32175a255A8835A03E4006

Attack transaction:

0x33fed54de490797b99b2fc7a159e43af57e9e6bdefc2c2d052dc814cfe0096b9

Attack process:

(1) The attacker (0xa6566574) borrowed 286,449 BNO through a PancakeSwap flash loan.

(2) Then, the stakeNft function of the contract under attack (0xdCA50344) was called to stake two NFTs.

(3) Then, the pledge function of the contract under attack (0xdCA50344) was called to stake 277,856 BNO coins.

(4) The emergencyWithdraw function of the contract under attack (0xdCA50344) was called to withdraw all BNO.

(5) Then, the unstakeNft function of the contract under attack (0xdCA50344) was called to retrieve the two staked NFTs and receive additional BNO tokens.

(6) Repeat the above process to continuously obtain additional BNO tokens.

(7) Finally, after repaying the flash loan, all BNO tokens were exchanged for 505,000 BUSD, and the attacker exited with the profit.

II. Vulnerability Analysis

The root cause of this attack is a flaw in how the reward calculation interacts with the emergency withdrawal function in the contract under attack (0xdCA50344): a user can still receive additional reward tokens after withdrawing the principal.

The contract provides the emergencyWithdraw function for emergency token withdrawal. It clears the attacker's total staked amount (allstake) and total debt (rewardDebt), but it does not clear the attacker's nftAddition variable, even though that variable is itself derived from allstake.

The unstakeNft function still calculates the user's current reward. Because nftAddition has not been zeroed, the pendingFit function still returns a non-zero BNO reward, and the attacker obtains extra BNO tokens.
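To make the flaw concrete, the following is an added, simplified model of the staking accounting; it is not the BNO contract's code. Variable and function names follow the analysis above, while the reward formula, NFT_BONUS_BPS and the 1e12 scaling are assumptions, and token transfers are left out. FixedStaking shows both the missing line in emergencyWithdraw and the principal check from recommendation (1) below.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the BNO contract's code: names follow the analysis; reward formula, NFT_BONUS_BPS and transfers are assumed or omitted.
contract VulnerableStaking {
    struct UserInfo {
        uint256 allstake;    // staked BNO principal
        uint256 rewardDebt;  // reward already settled for the user
        uint256 nftAddition; // bonus weight derived from allstake while NFTs are staked
        uint256 nftCount;
    }
    mapping(address => UserInfo) public userInfo;
    uint256 public accRewardPerShare;             // scaled by 1e12, updated elsewhere (assumed)
    uint256 public constant NFT_BONUS_BPS = 1000; // assumed: 10% extra weight per staked NFT
    function stakeNft(uint256 n) external { userInfo[msg.sender].nftCount += n; }
    function pledge(uint256 amount) external {
        UserInfo storage u = userInfo[msg.sender];
        u.allstake += amount;
        u.nftAddition = u.allstake * NFT_BONUS_BPS * u.nftCount / 10000;
        u.rewardDebt = (u.allstake + u.nftAddition) * accRewardPerShare / 1e12;
    }
    function pendingFit(address user) public view virtual returns (uint256) {
        UserInfo storage u = userInfo[user];
        uint256 accumulated = (u.allstake + u.nftAddition) * accRewardPerShare / 1e12;
        return accumulated > u.rewardDebt ? accumulated - u.rewardDebt : 0;
    }
    // Flaw: principal and debt are cleared but nftAddition keeps its value, so the next unstakeNft() pays on weight that is no longer staked.
    function emergencyWithdraw() public virtual {
        userInfo[msg.sender].allstake = 0;
        userInfo[msg.sender].rewardDebt = 0;
    }
    function unstakeNft() external returns (uint256 reward) {
        UserInfo storage u = userInfo[msg.sender];
        reward = pendingFit(msg.sender); // still non-zero after the flawed emergencyWithdraw()
        u.nftCount = 0;
        u.nftAddition = 0;
        u.rewardDebt = u.allstake * accRewardPerShare / 1e12;
    }
}

contract FixedStaking is VulnerableStaking {
    function pendingFit(address user) public view override returns (uint256) {
        return userInfo[user].allstake == 0 ? 0 : super.pendingFit(user); // recommendation (1): no principal, no reward
    }
    // The missing line: zero the NFT bonus weight together with the principal.
    function emergencyWithdraw() public override {
        super.emergencyWithdraw();
        userInfo[msg.sender].nftAddition = 0;
    }
}
```

With VulnerableStaking, the sequence pledge, emergencyWithdraw, unstakeNft returns a reward computed from nftAddition against a zero rewardDebt; with FixedStaking the same sequence returns zero.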

III. Security Recommendations

In response to this attack incident, the following precautions should be followed during the development process:

(1) When calculating rewards, verify whether the user has withdrawn the principal.

(2) Before the project goes live, seek technical assistance from third-party professional audit teams.
