
Zero-hour Technology || SATX attack event analysis

author:Zero-hour technology

Background

We monitored an on-chain attack against SATX Token: https://bscscan.com/tx/0x7e02ee7242a672fb84458d12198fae4122d7029ba64f3673e7800d811a8de93f

In total, the hackers launched two attacks:


The first attack (https://bscscan.com/tx/0x3c6eb46bc7203c4996ed0886f25bec3d806000506dea2f2778df374380014105) failed: no BNB was sent when the attack contract was called, so the transaction reverted at the step that converts BNB to WBNB.


The second attack was successful.

The initial funds of the hackers came from TornadoCash.


Interestingly, the attacker's attack contract function is named f***you.


Attack and incident analysis

First, the attacker exchanged 0.001 WBNB for 13.397690168956297175 SATX via PancakeSwap. Subsequently, the attacker called swap on the PancakeSwap Pair WBNB-CAKE for 60 WBNB.


Then, in the callback function, the attacker exchanged 0.0001 WBNB for 350018.558642186154111639 SATX (52 WBNB was also transferred in the callback function).


Then, the exchanged 350018.558642186154111639 SATX was transferred to the PancakeSwap Pair WBNB-SATX, leaving the pair's funds out of balance. The attacker then completed the exploit by calling skim and sync together to rebalance the funds.


As you can see from the chart above, skim should have transferred 350018.558642186154111639 SATX out of the PancakeSwap Pair to balance the funds, but the amount of SATX was doubled.

Looking at the code of the SATX Token contract, we can see the relevant logic in the transfer function. First, the amount was transferred to _tokenOwner.


Next, 2.99% of the amount was transferred to the SATX Token contract, and 97.01% of the amount was divided by 10% of 1,000,000, and 9% and 8.3% were transferred to the three EOAs, respectively.


This is equivalent to an additional transfer of about double the amount of SATX, which sharply reduces the SATX held by the PancakeSwap Pair WBNB-SATX. Because PancakeSwapV2 uses a CPMM (constant product market maker) as its AMM algorithm, this is equivalent to a surge in the value of SATX.

Before skim, 1 WBNB=13844 SATX, and after skim, 1 WBNB=33 SATX. This led to a more than 600-fold spike in the value of SATX.
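A simplified model of the mechanism described above, as an added example that is not the SATX contract or PancakeSwap code: a UniswapV2-style pair whose skim() pays out through a token transfer that debits the sender more than the requested amount, together with the balance-delta check an auditor can run against such a token. All names, reserves and the flat 100% extra debit are constructed assumptions.

```python
# Constructed model: integer token units, hypothetical account names, and
# extra_bps=10_000 standing in for the "about double" debit described above.
class Token:
    """Minimal ledger; extra_bps > 0 makes transfer() debit the sender more
    than `amt`, with the surplus going to side recipients."""
    def __init__(self, extra_bps=0):
        self.bal, self.extra_bps = {}, extra_bps
    def mint(self, who, amt):
        self.bal[who] = self.bal.get(who, 0) + amt
    def transfer(self, src, dst, amt):
        extra = amt * self.extra_bps // 10_000
        if self.bal.get(src, 0) < amt + extra:
            raise ValueError("insufficient balance")
        self.bal[src] -= amt + extra
        self.mint(dst, amt)
        self.mint("side_recipients", extra)

class Pair:
    """UniswapV2-style pair: cached reserves plus skim() and sync()."""
    def __init__(self, base, token, r_base, r_token):
        self.base, self.token = base, token
        base.mint("pair", r_base)
        token.mint("pair", r_token)
        self.r_base, self.r_token = r_base, r_token
    def skim(self, to):
        # Pays out whatever the pair holds above its cached token reserve.
        self.token.transfer("pair", to, self.token.bal["pair"] - self.r_token)
    def sync(self):
        # Overwrites the cached reserves with the actual balances.
        self.r_base, self.r_token = self.base.bal["pair"], self.token.bal["pair"]
    def price(self):
        return self.r_token / self.r_base  # tokens per 1 unit of base asset

def debits_exactly(token, amt=1_000):
    """Audit check: does transfer() take exactly `amt` from the sender?"""
    token.mint("probe", 10 * amt)
    before = token.bal["probe"]
    token.transfer("probe", "sink", amt)
    return before - token.bal["probe"] == amt

def skim_then_sync(extra_bps, r_base=100, r_token=1_000_000, donated=400_000):
    """Send tokens straight to the pair, skim, sync; return (before, after) price."""
    base, token = Token(), Token(extra_bps)
    pair = Pair(base, token, r_base, r_token)
    before = pair.price()
    token.mint("pair", donated)  # simplification: deposit arrives without fees
    pair.skim("caller")
    pair.sync()
    return before, pair.price()
```

With a well-behaved token the price is unchanged by skim followed by sync; with the over-debiting token the pair's token reserve drops below its pre-deposit level, and `debits_exactly` flags the token before it is ever paired.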


Subsequently, the attacker swapped the SATX they held back into WBNB. With this attack, the attacker made a total profit of about 50 BNB.
