Flash crash causes BOG to go to zero. Is this another flash loan attack?

On May 22, PeckShield alerted that Bogged Finance, a DeFi protocol on the BSC chain, was under a flash loan attack.

As a result of the attack, BOG's price flash-crashed nearly to zero, dropping 98% from $8.50 to $0.15.

PeckShield was the first to track and analyze the attack and found that it originated from a logic error in the contract's _txBurn, resulting in a loss of $3.62 million. It is worth noting that in the last few flash loan attacks, the attackers have been able to quickly transfer their assets to Ethereum via the Nerve (Anyswap) cross-chain bridge after making a profit.

The Bogged Finance protocol is designed to provide decentralized on-chain oracles and code execution. PeckShield's analysis shows that the BOG token contract was originally meant to charge 5% of every transaction as a transaction fee, of which 4% was allocated proportionally to liquidity providers and 1% was burned.

However, in this attack, the Bogged Finance contract only charged 1% of the transaction amount as a transaction fee, while still allocating a further 4% to liquidity providers, including the attacker, as a reward. The attacker increased the staked amount through flash loans, and then inflated the staking reward by repeatedly self-transferring.

The following is the process of the attack.

In the first step, the attacker converted 1,371.4 BNB, 1,652.7 BNB, 2,008.9 BNB, 2,442.1 BNB, 2,968.5 BNB, 3,608.5 BNB, 4,386.5 BNB, 5,332.1 BNB, 6,481.7 BNB, 7,879 BNB and 9,577.7 BNB to 47,770 BOG, and injected a total of 88,159.43 WBNB and 421,761.33 BOG into the PancakeSwap WBNB+BOG pool in 9 tranches to add liquidity, obtaining the corresponding 83,440.57 LP Token.

In the second step, the obtained 83,440.57 LP Token was staked in the BOG token contract for liquidity mining.

In the third step, the attacker performed 434 self-transfers, transferring a total of 1,874,000 BOG and making a profit of 151,000 BOG.

In the fourth step, after obtaining these BOG, the attacker converted them into WBNB and then quickly converted them into ETH in batches via the Nerve (Anyswap) cross-chain bridge. PeckShield's anti-money-laundering situational awareness system, CoinHolmes, will continuously track the stolen assets.

In the fifth step, the liquidity injected in step 1 is burned, completing the entire attack process.
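The fee mismatch behind the self-transfers in step three can be caught with a supply-conservation check. The following is an added example, not the BOG contract or PeckShield's analysis code: a simplified Python model in which the class, account names, balances and stake split are constructed assumptions, comparing the flawed accounting (a 4% reward paid although only 1% was charged) with the intended 5% fee.

```python
# Simplified model of the fee accounting described above.
# Constructed for illustration; names and numbers are assumptions, not contract values.
BURN_BPS, LP_BPS = 100, 400  # 1% burned, 4% to stakers (basis points)

class FeeToken:
    def __init__(self, balances, stakes, charge_lp_fee):
        self.bal = dict(balances)             # liquid balances
        self.stake = dict(stakes)             # staked LP units per account
        self.rewards = {a: 0 for a in stakes}
        self.burned = 0
        self.initial = sum(self.bal.values())
        self.charge_lp_fee = charge_lp_fee    # False models the described flaw

    def transfer(self, src, dst, amount):
        burn = amount * BURN_BPS // 10_000
        lp = amount * LP_BPS // 10_000
        charged = burn + (lp if self.charge_lp_fee else 0)
        self.bal[src] -= amount
        self.bal[dst] = self.bal.get(dst, 0) + amount - charged
        self.burned += burn
        total = sum(self.stake.values())
        for acct, units in self.stake.items():
            # Reward is credited whether or not the 4% was actually collected.
            self.rewards[acct] += lp * units // total

    def unbacked(self):
        """Tokens held beyond (initial supply - burns); > 0 means inflation."""
        held = sum(self.bal.values()) + sum(self.rewards.values())
        return held - (self.initial - self.burned)

def run(charge_lp_fee, rounds=434, amount=10_000):
    token = FeeToken({"large_staker": 1_000_000, "user": 1_000_000},
                     {"large_staker": 90, "user": 10}, charge_lp_fee)
    for _ in range(rounds):
        token.transfer("large_staker", "large_staker", amount)  # self-transfer
    net = token.bal["large_staker"] + token.rewards["large_staker"] - 1_000_000
    return net, token.unbacked()

if __name__ == "__main__":
    print("flawed  :", run(charge_lp_fee=False))  # staker gains, supply inflates
    print("intended:", run(charge_lp_fee=True))   # staker pays, supply conserved
```

With the full 5% charged, a self-transfer always costs the sender and `unbacked()` stays at zero, so a non-zero value in tests or on-chain monitoring signals that rewards are being paid from fees that were never collected.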

According to PeckShield, there is a growing trend of flash loan attacks on Binance Smart Chain (BSC). This will not be the last flash loan attack, and these flash loan attacks are replicated on Ethereum.

With flash loan attacks this frequent, the security foundation of the entire DeFi space deserves to be re-examined. What is worrying is that developers are not yet sufficiently aware of protocol security.

