May 16, 2022

Beosin’s Detailed Analysis of FEGtoken Flashloan Attack

On May 16, 2022, Beosin EagleEye detected that FEGtoken’s FEGexPRO contracts on both Ethereum and BNB Chain had been exploited through a flashloan attack for about 3,280 BNB and 144 ETH. The Beosin security team analyzed the incident; the findings are presented below.


FEGtoken Introduction


The FEGtoken project consists of the deflationary token FEG on Ethereum and BNB Chain and the FEGex multi-chain decentralized exchange. The official website: https://fegtoken.com


Relevant Information


The attack consisted of multiple transactions; one representative transaction from each chain is listed below.


Transaction hash:


0x77cf448ceaf8f66e06d1537ef83218725670d3a509583ea0d161533fda56c063 (BNB Chain)


0x1e769a59a5a9dabec0cb7f21a3e346f55ae1972bb18ae5eeacdaa0bc3424abd2 (Ethereum)


Hacker address:


0x73b359d5da488eb2e97990619976f2f004e9ff7c


Hacker contract:


0x9a843bb125a3c03f496cb44653741f2cef82f445


Victim contract:


0x818e2013dd7d9bf4547aaabf6b617c1262578bc7 (BNB Chain)


0xf2bda964ec2d2fcb1610c886ed4831bf58f64948 (Ethereum)


Exploitation Flow


The exploitation flow is the same on Ethereum and BNB Chain; the following analysis is based on the BNB Chain transaction.


1. The hacker calls the attack contract (0x9a84…f445), which takes a flashloan of 915.84 WBNB from the DVM contract (0xd534…0dd7) and converts 116.81 WBNB into 115.65 fWBNB in preparation for the subsequent steps.


2. The attack contract deploys 10 further contracts. These are the addresses that will later be passed as the path parameter and receive approvals.


3. The attack contract stakes the fWBNB obtained in step 1 into the FEGexPRO contract (0x818e…8bc7).


4. The attack contract then repeatedly calls depositInternal and swapToSwap, passing each of the contracts deployed in step 2 as the path address, so that the FEGexPRO contract approves its fBNB to every one of them.


5. Each of those approved contracts calls transferFrom to move all of the fBNB held by the FEGexPRO contract to the attack contract (0x9a84…f445).


6. The attack contract next borrows 31,217,683,882,286.007211154 FEG tokens and 423 WBNB from the LP trading pair contract (0x2aa7…6c14).


7. Steps 3, 4 and 5 are repeated with the borrowed FEG tokens, draining a large amount of FEG from the FEGexPRO contract into the attack contract.


8. The flashloan is repaid and the WBNB obtained is transferred to the attack contract, completing this transaction.


9. The same method was executed in more than 50 identical transactions, for a total profit of about 144 ETH and 3,280 BNB.





Vulnerability Analysis


The root cause is that the path parameter of the FEGexPRO contract’s swapToSwap function is caller-controlled and its validity is never checked: the contract approves its tokens to whatever address is passed as path. At the same time, depositInternal updates the caller’s recorded balance from the change in the contract’s current token balance rather than from an independent ledger. By passing a malicious path address, the attacker obtains an approval from swapToSwap without any tokens actually leaving the contract; because the token balance does not change, the balance recorded for the attack contract can be reset and reused, so the FEGexPRO contract ends up approving the same tokens, again and again, to multiple attacker-controlled contracts. Each of those contracts then spends its allowance with transferFrom, which is why the total drained far exceeds what the attacker deposited.
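To make the flaw concrete, the following is a simplified Python model, added to this analysis and not derived from the FEGexPRO source, of the accounting pattern described above and exercised in steps 3 to 5 of the exploitation flow. The Token, VulnerablePool, HardenedPool and AttackerPath classes, the method names and the amounts (1,000 tokens from honest depositors, a 100-token stake, 10 attacker contracts) are all assumptions made for illustration. The vulnerable pool grants an allowance to any caller-supplied path and reconciles the caller’s recorded balance from the pool’s real balance change, so a path that takes nothing leaves the recorded balance untouched and the caller collects one allowance per attacker contract. The hardened pool allowlists the path, debits the recorded balance before the external call, and reverts unless the path actually took the tokens.

```python
# Added example: simplified model of the swapToSwap/depositInternal accounting
# flaw described in the analysis. Not FEGexPRO source; all names and amounts
# are assumptions for illustration.


class Token:
    """Minimal ERC20-style ledger: balances plus (owner, spender) allowances."""

    def __init__(self):
        self.balances = {}
        self.allowances = {}

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def mint(self, who, amt):
        self.balances[who] = self.balance_of(who) + amt

    def approve(self, owner, spender, amt):
        self.allowances[(owner, spender)] = amt

    def transfer_from(self, spender, owner, to, amt):
        allowed = self.allowances.get((owner, spender), 0)
        if allowed < amt or self.balance_of(owner) < amt:
            raise ValueError("insufficient allowance or balance")
        self.allowances[(owner, spender)] = allowed - amt
        self.balances[owner] -= amt
        self.mint(to, amt)


class AttackerPath:
    """Attacker-deployed 'path' contract (assumed): it receives the pool's
    approval during swap_to_swap but pulls nothing, so the pool balance
    never changes. The allowance is spent in a later transaction."""

    def __init__(self, addr):
        self.addr = addr

    def pull(self, token, pool_addr, amt):
        pass  # a genuine peer pool would token.transfer_from(self.addr, pool_addr, self.addr, amt)


class VulnerablePool:
    """Credits/debits the caller's recorded balance from the pool's real
    balance change and accepts any caller-supplied path."""

    def __init__(self, token, addr="pool"):
        self.token, self.addr, self.recorded = token, addr, {}

    def deposit_internal(self, user, amt):
        before = self.token.balance_of(self.addr)
        self.token.transfer_from(self.addr, user, self.addr, amt)
        gained = self.token.balance_of(self.addr) - before
        self.recorded[user] = self.recorded.get(user, 0) + gained

    def swap_to_swap(self, user, path, amt):
        if self.recorded.get(user, 0) < amt:
            raise ValueError("insufficient recorded balance")
        before = self.token.balance_of(self.addr)
        self.token.approve(self.addr, path.addr, amt)      # pool approves path
        path.pull(self.token, self.addr, amt)              # expected to take amt
        moved = before - self.token.balance_of(self.addr)  # 0 for AttackerPath ...
        self.recorded[user] -= moved                       # ... so nothing is debited


class HardenedPool(VulnerablePool):
    """Allowlists path, debits before the external call, and reverts unless
    the path actually pulled exactly amt (checks-effects-interactions)."""

    def __init__(self, token, addr="pool", trusted_paths=()):
        super().__init__(token, addr)
        self.trusted_paths = set(trusted_paths)

    def swap_to_swap(self, user, path, amt):
        if path.addr not in self.trusted_paths:
            raise ValueError("untrusted path")
        if self.recorded.get(user, 0) < amt:
            raise ValueError("insufficient recorded balance")
        self.recorded[user] -= amt                         # effects first
        before = self.token.balance_of(self.addr)
        self.token.approve(self.addr, path.addr, amt)
        path.pull(self.token, self.addr, amt)
        if before - self.token.balance_of(self.addr) != amt:
            raise ValueError("path did not take the tokens; revert")
        self.token.approve(self.addr, path.addr, 0)        # no dangling allowance


def simulate(pool_cls, n_paths=10, honest=1000, stake=100):
    """Constructed scenario: honest users hold `honest` tokens in the pool, the
    attacker stakes `stake`, then tries to collect one allowance per path and
    finally drains every allowance. Returns (attacker balance, pool balance,
    number of approvals granted)."""
    token = Token()
    pool = pool_cls(token)
    for who, amt in (("honest", honest), ("attacker", stake)):
        token.mint(who, amt)
        token.approve(who, pool.addr, amt)
        pool.deposit_internal(who, amt)

    paths = [AttackerPath(f"attack-{i}") for i in range(n_paths)]
    granted = 0
    for p in paths:
        try:
            pool.swap_to_swap("attacker", p, stake)
            granted += 1
        except ValueError:
            break
    for p in paths:  # later transactions: each path spends its allowance
        try:
            token.transfer_from(p.addr, pool.addr, "attacker", stake)
        except ValueError:
            pass
    return token.balance_of("attacker"), token.balance_of(pool.addr), granted


if __name__ == "__main__":
    print("vulnerable:", simulate(VulnerablePool))
    print("hardened:  ", simulate(HardenedPool))
```

Running simulate(VulnerablePool) shows the attacker leaving with 1,000 tokens against a 100-token stake, because all 10 approvals were granted while the recorded balance stayed at 100; simulate(HardenedPool) grants no approval at all. Of the three hardening measures, the unconditional debit alone already caps the attacker at a single allowance equal to their own deposit; the allowlist is what removes the attacker-controlled path entirely.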




Fund Tracing


As of this writing, the stolen funds remain at the attacker’s address (0x73b3…ff7c) and have not been moved.




Summary


In response to this incident, Beosin security team recommends:


1. When developing a project, pay close attention to the security risks of interacting with other contracts, and avoid letting users control key parameters such as the address of a contract that will be called or approved. Where the business logic requires user-supplied parameters, validate them strictly (for example, check an address against an allowlist of known contracts) before acting on them.


2. Before the project goes live, it is highly recommended to engage a professional security audit company for a comprehensive security audit to reduce these risks.


