According to news from the project's official Telegram group, the Bogged Finance project suffered a flash loan attack on the night of May 22, Beijing time, after which the price of the BOG token dropped precipitously. KnowChuangYu Blockchain Security Lab promptly followed up on and analyzed this security incident.
Take one of the transactions in this flash loan attack as an example. Its transaction hash is: 0x47a355743456714d9abc23e1dff9e26430e38e84cc8b8e0a0b4ca475918f3475
The hacker address 0x4622A1f3d05DcF5A0589c458136C231009B6A207 carried out the flash loan attack through the attack contract 0xe576790f35A8cC854d45b9079259Fe84F5294e07. It called the attack function of the attack contract with the parameter 150000000000000000000000000, borrowed 15000 BNB as a flash loan through the BankController (implementation logic) contract, and began the arbitrage attack after exchanging through the WBNB contract.
This flash loan attack stems mainly from a logic flaw in how the transferFrom function of the Bogged Finance contract uses the _txBurn function. The token contract is supposed to charge 5% of the amount of every transaction as a transaction fee, of which 4% is distributed to LP providers and 1% is burned. However, transferFrom does not check the destination address and allows an account to transfer to itself. In a self-transfer only the 1% fee is deducted, while LP providers, including the attacker, still receive the 4% reward. The attacker can therefore add a large amount of liquidity for liquidity mining, self-transfer repeatedly for profit, and finally remove the liquidity to complete the attack.
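The fee accounting described above, as a simplified Python model added here for illustration (it is not the Bogged Finance contract code); the class, account names, balances and staking shares are constructed, and rejecting sender == recipient is one assumed way to add the missing address check. It shows the invariant a test suite can assert: balances plus unclaimed rewards plus burned tokens must always equal the initial supply.

```python
# Simplified accounting model, constructed for illustration (not the BOG contract code).
BURN_BPS, REWARD_BPS = 100, 400  # 1% burned, 4% to LP stakers, per the article

class FeeTokenModel:
    def __init__(self, balances, stakes, check_self_transfer):
        self.balances = dict(balances)
        self.stakes = dict(stakes)              # staked LP share per account
        self.rewards = {a: 0 for a in stakes}   # unclaimed staking rewards
        self.burned = 0
        self.initial_supply = sum(balances.values())
        self.check_self_transfer = check_self_transfer

    def accounted_supply(self):
        # Sound accounting keeps this equal to initial_supply at all times.
        return sum(self.balances.values()) + sum(self.rewards.values()) + self.burned

    def transfer_from(self, sender, recipient, amount):
        if self.check_self_transfer and sender == recipient:
            raise ValueError("self-transfer rejected")   # assumed mitigation
        burn = amount * BURN_BPS // 10_000
        reward = amount * REWARD_BPS // 10_000
        if sender == recipient:
            # Flawed path as the article describes it: only the 1% burn is deducted.
            self.balances[sender] -= burn
        else:
            self.balances[sender] -= amount
            self.balances[recipient] = self.balances.get(recipient, 0) + amount - burn - reward
        self.burned += burn
        total = sum(self.stakes.values())
        for acct, stake in self.stakes.items():   # 4% is credited to stakers either way
            self.rewards[acct] += reward * stake // total

def supply_drift(model):
    """Tokens created out of nothing; 0 when the fee accounting is sound."""
    return model.accounted_supply() - model.initial_supply

def demo(check_self_transfer, rounds=5, amount=1_000_000):
    m = FeeTokenModel({"alice": 3_000_000, "bob": 1_000_000},
                      {"alice": 90, "bob": 10}, check_self_transfer)
    m.transfer_from("alice", "bob", amount)       # ordinary transfer
    assert supply_drift(m) == 0                   # fee is fully paid by the sender
    for _ in range(rounds):
        try:
            m.transfer_from("alice", "alice", amount)
        except ValueError:
            break
    return supply_drift(m), m.balances["alice"] + m.rewards["alice"]

if __name__ == "__main__":
    print("unchecked:", demo(False), "checked:", demo(True))
```

In the unchecked model each self-transfer adds 4% of the amount to the reward pool without debiting anyone, so the drift grows with every round; with the address check the drift stays at zero.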
Viewing the transaction in a block explorer shows that the attacker converted 1298.20 BNB, 1489.05 BNB, 1707.95 BNB and 1959.03 BNB into 47,770 BOG on PancakeSwap in four separate swaps within that transaction, and used a total of 8434.07 BNB and 281,174.22 BOG to add liquidity to PancakeSwap's BNB-BOG pool.
As shown in the figure below, the attacker adds WBNB and BOG liquidity in the following five transactions and stakes the resulting liquidity tokens for mining.
Figure 1 Adding liquidity and staking it for mining in preparation for multiple transfers
The attacker then profits by making multiple self-transfers through the attack contract.
Figure 2 Repeated self-transfer
Finally, the attacker completes the attack by converting the proceeds in batches to ETH and cashing out via the Nerve (Anyswap) cross-chain bridge, then removes the liquidity and repays the flash loan.
Figure 3 Removal of liquidity
Figure 4 Repaying the flash loan
After the attack, a suspected administrator in the project community issued a notice. The fee collection function has been turned off in the current contract and the corresponding _burnRate is set to 0, so there is no longer room for arbitrage.
Figure 5 Community notification
Figure 6 Turn off the fee collection function
Flash loan attacks on the BSC chain have broken out frequently of late as its on-chain DeFi ecosystem grows by leaps and bounds. Advanced and sophisticated flash loan attack techniques have been staged many times in the Ethereum ecosystem. As DeFi ecosystems develop on other chains, attackers have gradually expanded their targets to those chains, and DeFi security issues deserve more and more attention.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/bogged-finance-attack-event-analysis/