April 25, 2022

Beosin’s Analysis of the Wiener Doge Flash Loan Attack

On April 25, 2022, according to Beosin EagleEye, Wiener Doge Token has suffered a flash loan attack. Although the amount involved is small, Beosin still decides to share the the analysis as the exploitation flow is a typical one. The findings are shown below.

Relevant Information

Transaction hash:


Hacker address:


Profited address:


Exploitation Flow

The hacker flashloaned 2,900 BNB, swapped 5,974,259,851,654 WDOGE tokens from the WDOGE and BNB transaction pairs, and then retransferred 4,979,446,261,701 tokens into the transaction pairs.

The hacker then called the skim function to re-withdraw the excess WDOGE tokens from the transaction pair, and due to the deflationary nature of the tokens, 199,177,850,468 tokens are burned off at the same time during the transfer of the transaction pair to the attack address.

At this point the k-value of the transaction pair had been destroyed, and the hacker used the remaining WDOGE tokens to successfully swap out 2,978 BNBs within the transaction pair and transferred the profited 78 $BNBs to the profited address.

Fund Tracing

As of this writing, the profited 78 BNBs still stay at the address 0x46ba8a59f4863bd20a066fd985b163235425b5f9.


In response to this incident, Beosin security team recommends:

In this attack, the hacker exploited the deflationary nature of the tokens by having the transaction pair burned off a portion of the transaction pair tokens during the skim, corrupting the calculation of the k-value. It is recommended that deflationary tokens try to include a fee exclusion for transaction pairs when interacting with them.

If you have need any blockchain security services, please contact us:

Website Email Official Twitter Alert Telegram LinkedIn

Related Project

Related Project Secure Score

Guess you like
Learn More
  • The Jump Satoshi Token $JST has a backdoor, users are urged to withdraw the funds ASAP

    April 26, 2022

  • Beosin Has Completed Security Audit Service of TribeOne

    April 25, 2022

  • How to Ensure the Security of NFT Under the Web 3.0 Boom?

    April 24, 2022

  • $34M Locked Due to Contract Vulnerabilities in Akutar: Beosin’s Full Analysis

    April 23, 2022

Join the community to discuss.