April 18, 2022

2omb 3omb is currently being targeted by an arbitrage flash loan attack.

1/6 @_2omb suffered a series of flashloan attacks. We take one of the transactions (0xb134f5d0609863aeaab8b8aeb77765a7a0f1e6a379c27455845e46d2261c46a9) as an example to show the key steps.

2/6 Flashloan 139,504 2omb tokens in uniswap’s 2omb-wftm trading pair and send them to the attack contract 0x77a5d0cdd1f4069747d9236b50f09f34b6d5b378.

3/6 Use the attack contract to split the funds, and swap in RedemptionPair (0x5D59cDaB08C8BbE4986173a628f8305D52B1b4AE) for multiple times.

4/6 Since in the RedemptionPair contract, the swap is done before the payment is made to the fee address, the attack contract did not lose any tokens by using 2omb to

swap for 2omb. Instead, the price of 2omb in RedemptionPair is getting higher.

5/6 Finally swap all the profited 2omb for ~26,559 wftm, of which 23,556 to repay the flashloan, and the net profit is ~3,002 wftm.

6/6 We suggest AMM to remove liquidity as soon as possible to prevent further losses.

If you have need any blockchain security services, please contact us:

Website Email Official Twitter Alert Telegram LinkedIn

Related Project

Related Project Secure Score

Guess you like
Learn More
  • Beosin’s Analysis of the 2omb Flash Loan Attack

    April 19, 2022

  • Beosin’s Analysis of the Beanstalk Exploit

    April 18, 2022

  • Beosin VaaS — Smart Contract Automatic Detection Tool Officially Launched!

    April 14, 2022

  • Beosin Blockchain Security Ecosystem Overview in Q1 2022

    April 14, 2022

Join the community to discuss.