Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Supports Visa, MasterCard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
Markets
Trade
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Earn
Launch
CandyDrop
tag
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investment
Square
Square
Post, share, and explore crypto trends
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
flower_head
More
Promotions
AI
Diğerleri
TradFi
Rewards

Principle analysis of BNO attack event

金色财经_

On July 18, 2023, Beijing time, Ocean BNO suffered a flash loan attack, and the attacker has made a profit of about 500,000 US dollars.

20230718161919783image.png

SharkTeam conducted a technical analysis of this incident for the first time, and summarized the security precautions, hoping that follow-up projects can learn from it and jointly build a security defense line for the blockchain industry.

1. Event Analysis

Attacker address:

0xa6566574edc60d7b2adbacedb71d5142cf2677fb

Attack contract:

0xd138b9a58d3e5f4be1cd5ec90b66310e241c13cd

Attacked contract:

0xdCA503449899d5649D32175a255A8835A03E4006

Attack transactions:

0x33fed54de490797b99b2fc7a159e43af57e9e6bdefc2c2d052dc814cfe0096b9

Attack process:

(1) The attacker (0xa6566574) borrowed 286,449 BNOs through pancakeSwap flash loan.

20230718161449018image.png

(2) Then call the stakeNft function of the attacked contract (0xdCA50344) to pledge two nft.

20230718161457306image.png

(3) Then call the pledge function of the attacked contract (0xdCA50344) to pledge 277856 BNO coins.

20230718161633397image.png

(4) Call the emergencyWithdraw function of the attacked contract (0xdCA50344) to extract all BNO

20230718161641122image.png

(5) Then call the unstakeNft function of the attacked contract (0xdCA50344), retrieve the two pledged nft and receive additional BNO tokens.

20230718161732948image.png

(6) Repeat the above process to continuously obtain additional BNO tokens

20230718161752651image.png

(7) After repaying the flash loan, exchange all BNO tokens for 50.5W BUSD and leave the market with a profit.

20230718161800166image.png

Second, vulnerability analysis

The root cause of this attack is: there is a problem with the reward calculation mechanism and the interaction logic of the emergency withdrawal function in the attacked contract (0xdCA50344), which causes the user to get an additional reward token after withdrawing the principal.

20230718161812689image.png

20230718161820027image.png

The contract provides the emergencyWithdraw function for emergency withdrawal of tokens, and clears the attacker’s allstake total mortgage and rewardDebt total debt, but does not clear the attacker’s nftAddition variable, and the nftAddition variable is also calculated through the allstake variable.

20230718161834850image.png

In the unstakeNft function, the user’s current reward will still be calculated, and if the nftAddition variable is not reset to zero, the pendingFit function will still return an additional BNO reward value, causing the attacker to obtain additional BNO tokens.

20230718161842539image.png

Third, Security Recommendations

In response to this attack, we should follow the following precautions during the development process:

(1) When calculating rewards, verify whether the user has withdrawn the principal.

(2) Before the project goes online, it is necessary to seek technical assistance from a third-party professional audit team.

View Original
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.
Comment
0/400
No comments