April 25, 2022
Beosin’s Analysis of the Wiener Doge Flash Loan Attack
On April 25, 2022, according to Beosin EagleEye, the Wiener Doge token suffered a flash loan attack. Although the amount involved is small, Beosin decided to share the analysis because the exploitation flow is a typical one. The findings are shown below.
Relevant Information
Transaction hash:
0x4f2005e3815c15d1a9abd8588dd1464769a00414a6b7adcbfd75a5331d378e1d
Hacker address:
0x962f8b446de3e524cf99042149ebecc0130bcdbf
Profited address:
0x46ba8a59f4863bd20a066fd985b163235425b5f9
Exploitation Flow
The hacker flash-loaned 2,900 BNB, swapped out 5,974,259,851,654 WDOGE tokens from the WDOGE/BNB transaction pair, and then transferred 4,979,446,261,701 tokens back into the transaction pair.
The hacker then called the skim function to withdraw the excess WDOGE tokens from the transaction pair again. Because the token is deflationary, 199,177,850,468 tokens were burned at the same time, during the transfer from the transaction pair to the attack address.
At this point the k-value of the transaction pair had been destroyed. The hacker used the remaining WDOGE tokens to swap out 2,978 BNB from the transaction pair and transferred the 78 BNB of profit to the profited address.
Fund Tracing
As of this writing, the 78 BNB of profit remain at the address 0x46ba8a59f4863bd20a066fd985b163235425b5f9.
Summary
In response to this incident, the Beosin security team recommends:
In this attack, the hacker exploited the deflationary nature of the token: the skim caused the transaction pair to burn a portion of its own tokens, corrupting the calculation of the k-value. It is recommended that deflationary tokens include a fee exclusion for transaction pairs when interacting with them.
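The accounting gap behind this recommendation, as an added example (a simplified model written for this analysis, not WDOGE's or the pair's contract code). It assumes the burn is charged to the sender on top of the amount sent, takes the 4% rate from the ratio of the two token figures above, and uses a constructed pool reserve; the class and function names are hypothetical.

```python
# Added illustration: a simplified model, not WDOGE's or the pair's contract code.
BURN_BPS = 400  # assumption: 4% burn, the ratio of the article's two token figures

class DeflationaryToken:
    def __init__(self, fee_exempt=()):
        self.balances = {}
        self.fee_exempt = set(fee_exempt)  # senders that pay no burn (the mitigation)

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, sender, to, amount):
        # Assumed mechanics: the burn is taken from the sender on top of `amount`.
        burn = 0 if sender in self.fee_exempt else amount * BURN_BPS // 10_000
        if self.balances.get(sender, 0) < amount + burn:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount + burn
        self.balances[to] = self.balances.get(to, 0) + amount
        return burn

class Pair:
    """Pool that records its token reserve separately from its real balance."""
    def __init__(self, token, reserve):
        self.token, self.reserve = token, reserve
        token.mint("pair", reserve)

    def skim(self, to):
        # Pay out everything held above the recorded reserve.
        excess = self.token.balances["pair"] - self.reserve
        return self.token.transfer("pair", to, excess)

    def shortfall(self):
        # Positive: the pair holds fewer tokens than its bookkeeping claims.
        return self.reserve - self.token.balances["pair"]

def skim_result(pair_exempt, sent=4_979_446_261_701):
    token = DeflationaryToken(fee_exempt={"pair"} if pair_exempt else ())
    pair = Pair(token, reserve=10_000_000_000_000)   # constructed reserve
    token.mint("user", 5_974_259_851_654)
    token.transfer("user", "pair", sent)             # tokens sent in without a swap
    burned = pair.skim("user")                       # pair is the sender here
    return burned, pair.shortfall()

if __name__ == "__main__":
    print("pair pays burn:", skim_result(pair_exempt=False))
    print("pair exempt:   ", skim_result(pair_exempt=True))
```

With the pair paying the burn, its real balance ends below the recorded reserve by exactly the burned amount; with the pair exempted, the skim leaves balance and reserve equal.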