Back to all stories
Incident Analysis
Sneaky Sandwich Exploit: The BabyDoge Attack Caused 442 BNB Loss
Sneaky Sandwich Exploit: The BabyDoge Attack Caused 442 BNB Loss

Project name: Baby Doge

Project type: Token

Date of exploit: Jun 21, 2023

Asset loss: 442 BNB

Vulnerability: Sandwich attack

Date of audit report publishing: Nov 16th, 2021

Conclusion: The issue was identified by CertiK but fell outside of the audit scope

Details of the Exploit


BabyDoge coin is a deflationary token that charges fees during token transfers, and a proportion of fees will be added as liquidity to the BabyDoge/BNB pool.

Nature of the Vulnerability

The vulnerability involved a sandwich attack targeting the add liquidity operation, vulnerable to arbitrage if slippage isn't configured. Typically, transfer fees make such attacks unprofitable.

However, BabyDoge's fee exemption for a specific contract lets attackers transfer large Babydoge token amounts fee-free(without paying the tx fee), turning the exploit profitable.

CertiK Audit Overview

Screenshot 2024-01-08 at 5.15.22 AM Screenshot 2024-01-08 at 5.15.22 AM


On Jun 21, 2023, BabyDoge was attacked, leading to a loss of 442 BNB. The attacker made use of a contract that could waive the fee and performed a sandwich attack. The vulnerability lies in a manual operation that excluded a third-party contract from the fee, thus making the sandwich attack exploitable.