May 19, 2022
Analysis of Attack on Feminist Metaverse
On May 18th, 2022, according to Beosin-Alert, Feminist Metaverse’s FmToken contract was exploited for about 1838 BNB (about 540,000 USD). The Beosin security team analyzed the incident; the findings are shown below.
Feminist Metaverse is a DAO project on the BSC chain. Official website: https://feministmetaverse.org/
Relevant Information
Transaction hash: 0xfdc90e060004dd902204673831dce466dcf7e8519a79ccf76b90cd6c1c8b320d
Attacker address: 0xaaA1634D669dd8aa275BAD6FdF19c7E3B2f1eF50
Attack contract: 0x0B8d752252694623766DfB161e1944F233Bca10F
Victim contract: 0x843528746F073638C9e18253ee6078613C0df0f1
Exploitation Flow
1. The attacker address first received FM_Token that had not been credited to the liquidity pool, via the skim function of the SakeSwapPair contract; the attacker was probably already aware of the vulnerability in the FM_Token contract at this point.
2. The attacker deployed an attack contract to speed up the extraction of FM_Token.
3. The attacker transferred 10 FM_Token to the attack contract in preparation for the subsequent attack.
4. The attacker invoked the attack contract, which repeatedly transferred FM_Token to the attacker’s address. Each transfer triggered the FM_Token contract to move its own FM_Token holdings to SakeSwapPair, and the attacker then extracted them to his own address through the skim function. Details:
4.1 Using the created attack contract 0x0B8d…a10F, the attacker made multiple transfers of small amounts of FM token to his own address.
4.2 Since the FM_Token contract’s balance had reached the 150,000-token threshold for transferring to SakeSwapPair, each transfer triggered line 920, increasing SakeSwapPair’s FM token balance. SakeSwapPair therefore had a difference between its token balance and its recorded reserve.
4.3 The attacker then called the skim() function in SakeSwapPair to extract the difference in token balance to his own address.
5. The attacker used PancakeSwap to swap the FM token for BNB.
6. Steps 4 and 5 were repeated, and the resulting 1838 BNB were transferred to Tornado.cash.
Vulnerability Analysis
This attack mainly exploits the fact that tokens are added to the Pair’s balance directly without being written to the Pair’s ledger (its reserves). Through multiple transfers, the attacker caused the coins held by the FmToken contract address to be moved to the Pair contract, and in this process the transferred tokens are not recorded in the Pair’s own ledger. Since the Pair contract does not sync the received tokens to reserve, the attacker transfers the corresponding coins directly to his account via skim and then sells them for profit.
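The following is an added model of the balance-versus-reserve gap described above; it is not Beosin’s or the project’s code. The Pair and token classes, the 1,000,000 initial liquidity, the 200,000 contract holdings and the 1,000-token push size are constructed; only the 150,000 threshold comes from the write-up.

```python
class Pair:
    """Minimal UniswapV2-style pool ledger (constructed model, not SakeSwap's code).
    `reserve` is what the pool has booked; `balance` is what the token says it holds."""
    def __init__(self, liquidity):
        self.reserve = liquidity
        self.balance = liquidity

    def skim(self):
        """Anyone may withdraw balance - reserve: tokens received but never booked."""
        surplus = self.balance - self.reserve
        self.balance -= surplus
        return surplus


class FmLikeToken:
    """Token whose transfer hook moves the token contract's own holdings into the Pair
    once they reach a threshold, as the write-up describes at a high level."""
    THRESHOLD = 150_000  # threshold from the write-up; the push size below is constructed

    def __init__(self, pair, contract_balance, push_to_pair=True):
        self.pair = pair
        self.contract_balance = contract_balance  # tokens held by the token contract itself
        self.push_to_pair = push_to_pair          # False = recommendation 1: do not feed the Pair

    def transfer(self, amount, push_amount=1_000):
        if self.push_to_pair and self.contract_balance >= self.THRESHOLD:
            pushed = min(push_amount, self.contract_balance)
            self.contract_balance -= pushed
            self.pair.balance += pushed  # raw balance grows, reserve does not
        return amount


def unbooked_surplus(n_transfers, push_to_pair=True):
    """Surplus (balance - reserve) a monitor would see in the Pair after n small transfers."""
    pair = Pair(liquidity=1_000_000)  # constructed initial liquidity, fully booked
    token = FmLikeToken(pair, contract_balance=200_000, push_to_pair=push_to_pair)
    for _ in range(n_transfers):
        token.transfer(1)
    return pair.balance - pair.reserve


def skim_drains_surplus(n_transfers):
    """Return (amount skim() pays out, surplus left afterwards) for the vulnerable hook."""
    pair = Pair(liquidity=1_000_000)
    token = FmLikeToken(pair, contract_balance=200_000)
    for _ in range(n_transfers):
        token.transfer(1)
    return pair.skim(), pair.balance - pair.reserve
```

A monitor that alerts whenever a Pair’s token balance exceeds its booked reserve by more than dust would have flagged each pushed batch before skim() was called; with the push disabled, the surplus stays at zero.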
Fund Tracing
As of now, the stolen funds have been transferred to Tornado.cash.
Summary
In response to this incident, the Beosin security team recommends:
1. Do not transfer directly to the Pair contract.
2. When connecting non-standard tokens to a Pair, fully consider the possible impact of the token’s custom functions on the Pair contract.
3. Before the project goes live, choose a professional security audit company to conduct a comprehensive security audit.