On 10 September 2024, Caterpillar Coin ($CUT) suffered a flashloan attack that resulted in a loss of ~$1.4M and a 99% price slippage on the token.
The attacker exploited a flaw in the token's 'price protection mechanism': by manipulating the pool reserves they inflated the reward the mechanism paid out on liquidity removal.
Attack Transactions
Addresses
Step by Step
1. A new contract (0x34bEb8b92a61EB1C3e2fe27eAC16EeC895Ba2e98) was created and the attacker transferred 4,362,551 USDT to it.
2. 3,053,785 USDT was swapped for 515,830 CUT.
3. The attacker called PancakeSwap RouterV2.addLiquidity() with amountADesired = 392,629 USDT and amountBDesired = the 515,830 CUT from step 2.
4. All 392,629 USDT was added, but only 21,885 CUT was taken into the USDT-CUT liquidity pool (LP): the router only takes the amount of token B that matches the current reserve ratio, so the rest of the CUT stayed with the attacker.
5. The transferFunDealTypeContractAddress contract recorded open deal 3157 at the current price and generated a reward record.
6. With the liquidity in place, the exploiter swapped the 484,066 CUT they still held for 3,129,939 USDT. This moved the reserves from 4,900,599.300495827251332919 USDT / 273,159.777220 CUT (17.94 USDT per CUT) to 1,770,659.646119018975885067 USDT / 757,225.933923 CUT (2.34 USDT per CUT).
7. The exploiter then removed 141,826 USDT and 60,652 CUT of liquidity.
8. The LP burn should have transferred 60.7e9 CUT (in the token's smallest unit) to the exploiter, but because of the open deal 3157 it transferred 275e9 instead. That deal had been created by IActCheckContract.actDealLPAddBehaviorTrue() when the liquidity was added.
9. The exploiter then swapped 264,268 CUT for a further 447,179 USDT.
The $CUT token implements a 'price protection mechanism' that relies on two external contracts: the transferFunDealTypeContractAddress contract at 0x7b2e7cb89824236cb7096cde7a153af30f3ecbaf and the lpFutureYieldContractAddress contract at 0x0917914b0a70ee7f1f2460fcd487696856e31154.
When liquidity is added, the 0x7b2e contract generates an order ID and a 'reward' record that refers to the reserve ratio at that moment. When liquidity is removed, the CUT token calls valuePreservationByRemoveLP() on the same 0x7b2e contract to compute the recipient's actual balance change on top of the Uniswap accounting.
In the decompiled code of 0x7b2e, the function 0xa54() computes a USDT amount from the current reserve ratio and 0x1cf2() reads the recipient's order record.
The method takes a USDT amount v6 from the stored order info and a USDT amount v0 from the current price, then naively converts the difference (v6 - v0) into CUT at the current spot price.
Every input to that calculation is read from the spot reserves of a pool the exploiter had just moved, so the payout is directly manipulable. The exploiter used it to obtain extra $CUT, sold the tokens, and gained ~$1.4M from the BUSD-CUT pancake pair.
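The following model replays the steps above against a constant-product pool and the value-preservation payout. It is an added example written for this analysis, not code from CertiK or from the CUT contracts, and it makes several assumptions: the starting reserves (1,454,000 USDT / 767,000 CUT) are constructed to approximate the pre-attack pool, the swap fee is 0.25%, the payout is reconstructed as (USDT value recorded when the deal was opened - USDT value of the withdrawal at the pricing point) / price, and the `Pool`, `OpenDeal`, `compensation` and `compensation_guarded` names are hypothetical. The 'guarded' mode is an assumed mitigation, not the project's fix.

```python
import math
from dataclasses import dataclass

FEE = 0.0025  # PancakeSwap V2 swap fee (assumption)


@dataclass
class Pool:
    """Constant-product USDT/CUT pool with UniswapV2-style LP shares (model, not the real pair)."""
    usdt: float
    cut: float
    lp: float = 0.0

    def __post_init__(self):
        self.lp = math.sqrt(self.usdt * self.cut)

    def spot(self) -> float:
        return self.usdt / self.cut  # USDT per CUT

    def swap_usdt_for_cut(self, usdt_in: float) -> float:
        eff = usdt_in * (1 - FEE)
        out = self.cut - self.usdt * self.cut / (self.usdt + eff)
        self.usdt += usdt_in
        self.cut -= out
        return out

    def swap_cut_for_usdt(self, cut_in: float) -> float:
        eff = cut_in * (1 - FEE)
        out = self.usdt - self.usdt * self.cut / (self.cut + eff)
        self.cut += cut_in
        self.usdt -= out
        return out

    def add_liquidity(self, usdt_desired: float, cut_desired: float):
        # Router.addLiquidity takes amountADesired in full and only the proportional amount of B
        cut_used = usdt_desired * self.cut / self.usdt
        if cut_used > cut_desired:
            raise ValueError("not enough CUT for the desired USDT amount")
        shares = usdt_desired / self.usdt * self.lp
        self.usdt += usdt_desired
        self.cut += cut_used
        self.lp += shares
        return shares, cut_used

    def remove_liquidity(self, shares: float):
        frac = shares / self.lp
        usdt_out, cut_out = self.usdt * frac, self.cut * frac
        self.usdt -= usdt_out
        self.cut -= cut_out
        self.lp -= shares
        return usdt_out, cut_out


@dataclass
class OpenDeal:
    usdt_value: float  # v6: USDT value of the deposit, recorded when the deal was opened
    block: int


def compensation(deal: OpenDeal, usdt_out: float, cut_out: float, price: float) -> float:
    """Extra CUT paid on LP removal: shortfall of the withdrawal (v0) against the recorded
    value (v6), converted to CUT at `price`. With spot prices this reconstructs the flaw."""
    v0 = usdt_out + cut_out * price
    return max(0.0, (deal.usdt_value - v0) / price)


def compensation_guarded(deal: OpenDeal, usdt_out: float, cut_out: float,
                         price: float, block: int) -> float:
    """Assumed mitigation (not the project's fix): no claims in the block the deal was opened."""
    if block == deal.block:
        return 0.0
    return compensation(deal, usdt_out, cut_out, price)


def run_attack(mode: str = "naive") -> dict:
    """Replay the attack steps. mode: 'naive' (spot price at both ends, as exploited),
    'twap' (unmanipulated reference price at both ends), 'guarded' (reference price +
    same-block rejection)."""
    pool = Pool(usdt=1_454_000.0, cut=767_000.0)  # constructed pre-attack reserves (approximate)
    twap = pool.spot()                             # pre-attack price stands in for a TWAP (assumption)
    block = 1                                      # everything happens in one flashloan transaction
    spent = 3_053_785.0 + 392_629.0

    cut_held = pool.swap_usdt_for_cut(3_053_785.0)              # buy CUT, price jumps
    shares, cut_used = pool.add_liquidity(392_629.0, cut_held)  # add LP at the inflated price
    cut_held -= cut_used                                        # router left the rest with us
    price_at_add = pool.spot() if mode == "naive" else twap
    deal = OpenDeal(usdt_value=392_629.0 + cut_used * price_at_add, block=block)

    usdt_got = pool.swap_cut_for_usdt(cut_held)                 # dump the rest, price collapses
    usdt_out, cut_out = pool.remove_liquidity(shares)           # burn LP
    if mode == "naive":
        extra = compensation(deal, usdt_out, cut_out, pool.spot())
    elif mode == "twap":
        extra = compensation(deal, usdt_out, cut_out, twap)
    else:
        extra = compensation_guarded(deal, usdt_out, cut_out, twap, block)

    usdt_got += usdt_out + pool.swap_cut_for_usdt(cut_out + extra)  # sell everything back
    return {"cut_out": cut_out, "extra_cut": extra, "profit_usdt": usdt_got - spent}


if __name__ == "__main__":
    for mode in ("naive", "twap", "guarded"):
        print(mode, {k: round(v) for k, v in run_attack(mode).items()})
```

In the 'naive' mode the payout is roughly 3.7 times the CUT legitimately withdrawn, the same order as the 60.7e9 versus 275e9 the post reports, and the round trip ends in profit; without the payout ('guarded') the same sequence loses the swap fees. Note that in this model pricing both ends with an unmanipulated reference price ('twap') still pays out, because the attacker's own swaps changed the pool composition that the withdrawal is measured against; it is the same-block rejection that removes the atomic flashloan path.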
In 2023 we saw an average of 15 flashloan attacks per month with a yearly loss of $126M excluding a further $188M that was returned by whitehats. In 2024, we have recorded 52 incidents involving a flashloan, bringing the average down to 5.7 incidents per month, but still reaching losses of ~$86.7M.
To keep up to date on the latest incident alerts and statistics follow @certikalert on X, or read our latest analysis on certik.com.