NewsBTC 2021-07-23 12:57:09

BSC Flash Loan Attack: PancakeBunny

In May 2021, we witnessed multiple hacks targeting BSC DeFi products. In particular, a loophole related to reward minting in the yield aggregator, PancakeBunny, was exploited to mint ~7M BUNNY tokens from nothing, leading to a whopping $45M financial loss. After the bloody hack, three forked projects — AutoShark, Merlin Labs, and PancakeHunny — were attacked with similar techniques. Amber Group’s Blockchain Security team, led by Dr. Chiachih Wu, elaborates on the loophole and gives a step-by-step account of the exploit by reproducing the attack against PancakeBunny. Hidden Attack Surface: balanceOf() Many people believe that composability is crucial to the success of DeFi. Token contracts (e.g., ERC20s) play an essential role on the bottom layer of DeFi legos. However, developers may overlook some uncontrollable and unpredictable conditions when integrating ERC20s into their DeFi projects. For example, you can’t predict when and how many tokens you will receive when you retrieve the current token balance. This uncertainty creates a hidden attack surface. In many cases, smart contracts reference the balances of ERC20s in their business logic. For example, when a user deposits some XYZ tokens into the smart contract, XYZ.balanceOf() is invoked to check how much money is received. If you’re familiar with the Uniswap codebase, you probably know that the UniswapV2Pair contract has many balanceOf(...

La maggior parte ha letto le notizie

Crypto ETPs See $500,000,000 in Institutional...
2024-01-29
Expert Reveals Key Macro Indicators For Bitco...
2024-01-29
Stellar Development Foundation Votes to Delay...
2024-01-29
Spot bitcoin ETF race heats up as Invesco and...
2024-01-29
HyperVerse's Alleged Ponzi Scheme Raked in Ne...
2024-01-29
Hallucination Nation: How Crazy Is Your Favor...
2024-01-29
Republican French Hill says he’s optimistic a...
2024-01-29
Bitdeer Stock (NASDAQ:BTDR): Discover a Need-...
2024-01-29

Notizie correlate

Hong Kong’s Harvest Fund Management Seeks Spot Bit...
29 Jan 2024
Bitcoin Will Hit $170,000 After The Halving: Antho...
29 Jan 2024
Crypto Trader Nets $1.6 Million in Just 14 Hours F...
29 Jan 2024
Bitcoin NFTs fall by 60% after December boom
29 Jan 2024
Play-to-earn is alive and kicking: Ronin Network s...
29 Jan 2024
Top Crypto Analysts of the Month
29 Jan 2024

Leggi la dichiarazione di non responsabilità : Tutti i contenuti forniti nel nostro sito Web, i siti con collegamento ipertestuale, le applicazioni associate, i forum, i blog, gli account dei social media e altre piattaforme ("Sito") sono solo per le vostre informazioni generali, procurati da fonti di terze parti. Non rilasciamo alcuna garanzia di alcun tipo in relazione al nostro contenuto, incluso ma non limitato a accuratezza e aggiornamento. Nessuna parte del contenuto che forniamo costituisce consulenza finanziaria, consulenza legale o qualsiasi altra forma di consulenza intesa per la vostra specifica dipendenza per qualsiasi scopo. Qualsiasi uso o affidamento sui nostri contenuti è esclusivamente a proprio rischio e discrezione. Devi condurre la tua ricerca, rivedere, analizzare e verificare i nostri contenuti prima di fare affidamento su di essi. Il trading è un'attività altamente rischiosa che può portare a perdite importanti, pertanto si prega di consultare il proprio consulente finanziario prima di prendere qualsiasi decisione. Nessun contenuto sul nostro sito è pensato per essere una sollecitazione o un'offerta