May 16, 2022
Beosin’s Detailed Analysis of FEGtoken Flashloan Attack
On May 16, 2022, Beosin EagleEye detected that FEGtoken’s FEGexPRO contract on both Ethereum and BNB Chain had been exploited through a flashloan attack for about 3,280 BNB and 144 ETH. The Beosin security team analyzed the incident; the findings are shown below.
The FEGtoken project consists of the deflationary token FEG on Ethereum and BNB Chain and the FEGex multi-chain decentralized exchange. The official website: https://fegtoken.com
The attack spanned multiple transactions. One of the attack transactions and the exploited contract address are shown below.
Attack transaction: 0x77cf448ceaf8f66e06d1537ef83218725670d3a509583ea0d161533fda56c063 (BNB Chain)
FEGexPRO contract: 0x818e2013dd7d9bf4547aaabf6b617c1262578bc7 (BNB Chain)
The exploitation flow is the same on Ethereum and BNB Chain; the following analysis is based on BNB Chain.
1. The hacker calls the attack contract (0x9a84…f445) to flashloan 915.84 WBNB from the DVM contract (0xd534…0dd7), then converts 116.81 WBNB into 115.65 fWBNB to prepare for the subsequent steps.
2. The hacker uses the attack contract to create 10 contracts.
3. The hacker then stakes the redeemed fWBNB tokens in the FEGexPRO contract (0x818e…8bc7).
4. The hacker repeatedly calls the depositInternal and swapToSwap functions so that the FEGexPRO contract approves fBNB to the other contracts deployed in step 2.
5. The transferFrom function is then called from those other attack contracts to transfer all the fBNB held by the FEGexPRO contract to the attack contract (0x9a84…f445).
6. Next, 31,217,683,882,286.007211154 FEG tokens and 423 WBNB are borrowed from the LP trading pair contract (0x2aa7…6c14).
7. Steps 3, 4 and 5 are repeated to drain a large amount of FEG tokens from the FEGexPRO contract into the attack contract.
8. The flashloan is repaid and the obtained WBNB is transferred to the attack contract, completing the attack.
9. More than 50 identical attacks were executed using the same method, for a total profit of about 144 ETH and 3,280 BNB.
The root cause is that the path address passed to the swapToSwap function of the FEGexPRO contract is caller-controlled and is never validated by the contract. In addition, the depositInternal function derives the user’s recorded balance from the contract’s current token balance rather than from the amount actually transferred in. By passing a malicious path address, the attacker could make swapToSwap complete without any tokens leaving the contract; the unchanged balance then let the attacker reset the amount recorded for the attack contract in FEGexPRO again and again, so that FEGexPRO repeatedly approved its tokens to multiple malicious contracts under the attacker’s control.
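To make the two defects concrete, the following Solidity sketch is an added example written for this analysis; it is not FEGexPRO’s code, and the contract names, the `ISwapTarget.pull` interface and the exact bookkeeping are constructed assumptions that only model the pattern described above. The first contract credits deposits from the contract’s current balance and approves a caller-chosen `path`; the second restricts `path` to an allow-list, credits only the tokens a call actually moved in, and verifies that the tokens really left before debiting the stake.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical interface for the swap destination named by `path` (assumption, not FEGexPRO's).
interface ISwapTarget {
    function pull(uint256 amount) external;
}

// Flawed accounting model constructed for this write-up (not FEGexPRO's code).
contract VulnerableExchangeModel {
    IERC20 public immutable token;
    mapping(address => uint256) public recorded; // stake credited to each user
    uint256 public totalRecorded;                // sum of all `recorded` entries

    constructor(IERC20 _token) { token = _token; }

    // Flaw 1: the caller is credited with whatever part of the contract's current
    // balance is not yet accounted for, not with what this call actually transferred in.
    function depositInternal(uint256 amount) external {
        if (amount > 0) {
            require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        }
        uint256 unaccounted = token.balanceOf(address(this)) - totalRecorded;
        recorded[msg.sender] += unaccounted;
        totalRecorded += unaccounted;
    }

    // Flaw 2: `path` is caller-chosen and never validated. The stake is approved to it and the
    // bookkeeping assumes the tokens left. If `path` does not pull them, the balance is unchanged,
    // the next depositInternal re-credits the same tokens, and the approval stays outstanding.
    function swapToSwap(address path, uint256 amount) external {
        require(recorded[msg.sender] >= amount, "insufficient stake");
        recorded[msg.sender] -= amount;
        totalRecorded -= amount;
        require(token.approve(path, amount), "approve failed");
        ISwapTarget(path).pull(amount);
    }
}

// Hardened model: validated destination, accounting tied to observed token movement.
contract HardenedExchangeModel {
    IERC20 public immutable token;
    address public immutable owner;
    mapping(address => bool) public allowedPath;  // maintained by the owner, never by callers
    mapping(address => uint256) public recorded;

    constructor(IERC20 _token) { token = _token; owner = msg.sender; }

    function setAllowedPath(address path, bool ok) external {
        require(msg.sender == owner, "not owner");
        allowedPath[path] = ok;
    }

    // Credit only the amount this call actually moved in (also correct for fee-on-transfer tokens).
    function deposit(uint256 amount) external {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = token.balanceOf(address(this)) - before;
        recorded[msg.sender] += received;
    }

    // The destination must be allow-listed, the tokens must really have left the contract,
    // and any leftover approval is revoked so no spendable allowance survives the call.
    function swapToSwap(address path, uint256 amount) external {
        require(allowedPath[path], "path not allowed");
        require(recorded[msg.sender] >= amount, "insufficient stake");
        recorded[msg.sender] -= amount;
        uint256 before = token.balanceOf(address(this));
        require(token.approve(path, amount), "approve failed");
        ISwapTarget(path).pull(amount);
        uint256 afterBal = token.balanceOf(address(this));
        require(afterBal + amount == before, "tokens did not move");
        require(token.approve(path, 0), "revoke failed");
    }
}
```

The defensive invariant worth checking in review is the one the hardened version enforces: a user’s recorded stake may only grow by tokens that this call observably brought in, and may only shrink when the same quantity observably leaves to a destination the protocol, not the caller, has approved.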
As of this writing, the stolen funds remain at the attacker’s address (0x73b3…ff7c) and have not been transferred out.
In response to this incident, Beosin security team recommends:
1. When developing a project, pay attention to the security risks of interacting with other contracts, and avoid letting key parameters be controlled by the user. Where business requirements make user-supplied parameters unavoidable, they must be strictly validated before use.
2. Before a project goes live, it is highly recommended to engage a professional security audit firm for a comprehensive security audit to reduce security risks.