On January 17, 2023, the OMNI Real Estate Project (ORT Token) on the BNB chain was hacked. The main cause of the attack was insufficient checks in their staking pool contract. The attacker stole around 236 BNB, i.e., roughly $70K, at the time of the attack.
Introduction to OMNI Group and ORT Token:
Omni Group offers a solution for the decentralized real estate market. ORT token is a native token of Omni Real-Estate Group built on the Binance Smart Chain (BSC) blockchain. ORT holders will be able to invest in, buy, and sell real estate assets on the NFT Marketplace.
Vulnerability Analysis & Impact:
The Root Cause:
The attack was possible due to the vulnerability in their StakingPool Contract, which did not have proper parameter validation. The reward is determined in the contract using the "_Check_reward" function, which has two user-controlled parameters, namely durations and balance.
The durations parameter specifies the duration of a user stake period. There are “if-else conditions,” which check the value of duration for 3, 6, 12, or 24 and perform the calculations accordingly. However, if these numbers are not supplied, the function will just return total_percent instead of performing the required calculation.
As a result, when the duration value is 0, this method returns total_percent.
On Chain Details:
Invest Txn Hash : 0x49bed801b9a9432728b1939951acaa8f2e874453d39c7d881a62c2c157aa7613
Withdraw Txn Hash: 0xa916674fb8203fac6d78f5f9afc604be468a514aa61ea36c6d6ef26ecfbd0e97
The Attack Steps:
- The attacker first funded his wallet(0xda591) with 0.97 BNB from FixedFloat.
- The attacker then constructed a contract (0xdd87) and executed the contract’s invest function, setting the end date value to 0, effectively passing the contract’s verification.
- The attacker began by calling the invest function and invested 1 Wei. Then he called the withdrawAndClaim function to receive his ORT token rewards. And because of the vulnerability, he obtained much more tokens.
- The attacker repeated the above steps multiple times to steal all the ORT tokens from the contract.
- Finally, the attacker swapped the ORT tokens to BNB tokens and kept the profit, which amounted to 236.9 BNB.
After the Exploit :
There is no official announcement from the Omni State Group regarding the hack.
The value of their token substantially decreased following the exploit. As of the date of this blog, the price of the token is $0.0000002167. Check it out here.
Flow of Funds:
Funds Left in Attacker’s Wallets:
Similar projects secured by QuillAudits:
Web3 security- Need of the hour
Why QuillAudits For Web3 Security?
QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of millions in funds.