CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Reports
Incident Analysis
Wiener DOGE Exploit
7/11/2022
Wiener DOGE Exploit

TL;DR

On April 25 2022, at 8:33 AM +UTC, the Wiener DOGE project was exploited, causing a loss of ~30, 000 USD. The attacker exploited the inconsistency between WDODGE’s charging mechanism and the exchange pool to launch the attack.

Event Summary

The root cause stemmed from the deflationary token contract, where the LP Pairs as sender were not excluded from the transfer fee. Therefore, the attacker was able to drain out the deflationary tokens within the LP Pairs, which caused the price imbalance of the pairs leading to a profit.

The hacker flashloaned 2,900 BNB, swapped 5,974,259,851,654 WDOGE tokens from the WDOGE and BNB transaction pairs, and then retransferred 4,979,446,261,701 tokens into the transaction pairs.

Transaction hash:

0x4f2…

Hacker address:

0x962…

Profited address:

0x46b…

Three other malicious exploits followed on the same day:

  • Last Kilometer project was exploited by a flash loan attack, resulting in a loss of US$26,495 (equivalent to about 170,000 RMB);

  • The Medamon project was exploited by a flash loan attack, resulting in a loss of $3,159 (equivalent to about 20,000 RMB).

  • The PI-DAO project was exploited by a flash loan attack, resulting in a loss of US$6,445 (equivalent to about 40,000 RMB).

The attackers and attack methods of this series of attacks are the same as Wiener DOGE that occurred earlier in the same day.

Attack Technical Analysis:

The attacker :

  1. Took a flash loan of 2900 BNB;

  2. Swapped 2900 BNB for 6 638 066 501 837 WDOGE

Status of LP:

  • WDOGE : 199 177 850 468

  • WBNB: 2 978

  1. Sent 5 974 259 851 654 WDOGE (some fees are taken from this amount) to the LP, the LP is now in imbalance since there are more WDOGE than BNB.

Status of LP :

  • WDOGE : 5 178 624 112 169

  • WBNB : 2 978

  1. Called the skim() function to retrieve 4 979 446 261 701 WDOGE;

When the LP sends tokens, it also has to pay the fees, which will decrease the amount of WDOGE within the LP. Since a large amount of WDOGE was sent by the attacker before calling skim(), the LP will pay a large fee. This operation emptied the amount of WDOGE within the LP. PICwd1

The attacker also called the sync() function to update the values in reserves within the LP. There are now few WDOGE and 2 978 BNB, making the price of WDOGE very expensive compared to WBNB.

  1. Swapped his remaining WDOGE to retrieve the 2 978 BNB, repaid the flash loan and made a profit of 78 BNB.

Contracts Vulnerability Analysis

When a user (or a LP) transfers a given amount of WDOGE; in addition to the fees, 4% of the amount of tokens will be burnt.

Therefore, if the LP sends 100 WDOGE, its balance will decrease by 104 WDOGE.

WD2

The LP should be excluded from fees and tokens burns.

Profit and assets tracing

78 BNB or 30 000 USD were loss in the transaction that can be found: https://bscscan.com/address/0xbdf…

wd3

Conclusion:

The hacker exploited the deflationary nature of the tokens by having the transaction pair burn off a portion of the transaction pair tokens during the skim, corrupting the calculation of the k-value. The vulnerability could’ve been found if both tokens and LP audited the contract. If only token contracts are audited then the switch system will be regarded as an external dependency.

Related Stories
Prisma Finance Incident Analysis
Blogs
Incident Analysis
On 28 March, Prisma Finance was exploited by multiple addresses leading to a loss of approximately $12.3 million. Three attackers took advantage of a vulnerability in the Prisma Finance MigrateTroveZap contract which allowed them to manipulate a migration process. Since the exploit occurred, a wallet that received funds from the main exploiter has reached out to the Prisma Finance deployer declaring that their actions were a white hat rescue.
3/29/2024
Concentric.Fi Incident Analysis
Blogs
Incident Analysis
On 22nd January, Concentric.fi was exploited leading to losses of over $1.85 million. The wallets that conducted the attack have been doxxed as the OKX exploiter. Concentric announced on X that their protocol was attacked due to a targeted social engineering attack leading to the compromise of one of their teams admin wallets. From there the attackers were able to upgrade Concentric vault contracts with a malicious implementation leading to losses in liquidity pools as well as users who had approved Concentric contracts.
1/23/2024
Socket Tech Incident Analysis
Blogs
Incident Analysis
On 16 January 2024, Socket Tech was exploited by EOA 0x50df for approximately $3.3 million. The attacker took advantage of a vulnerability within the performAction function of a newly deployed contract which has an incomplete user input validation. Users who had approved the vulnerable SocketGateway contract had their funds stolen stolen. From this attack there were 230 wallets that lost funds with the biggest victim losing $656k USDC.
1/18/2024
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;