Decoding OMNI Real-Estate Token Exploit | QuillAudit
Summary
On January 17, 2023, the OMNI Real Estate Project (ORT Token) on the BNB chain was hacked. The root cause was insufficient input validation in the project's staking pool contract. The attacker stole around 236 BNB, roughly $70K at the time of the attack.
Introduction to OMNI Group and ORT Token:
Omni Group offers a solution for the decentralized real estate market. ORT is the native token of Omni Real-Estate Group, built on the Binance Smart Chain (BSC). ORT holders will be able to invest in, buy, and sell real estate assets on the project's NFT Marketplace.
Vulnerability Analysis & Impact:
The Root Cause:
The attack was possible due to a vulnerability in the project's StakingPool contract, which did not properly validate its parameters. The reward is computed by the contract's "_Check_reward" function, which takes two user-controlled parameters, durations and balance.
The durations parameter specifies the length of the user's stake period. A chain of if-else conditions checks whether duration is 3, 6, 12, or 24 and performs the corresponding calculation. For any other value, none of the branches match, and instead of performing the required calculation the function simply returns total_percent.
As a result, when the duration value is 0, the function returns total_percent.
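The following contract is an added illustration of the validation gap described above and is not the ORT StakingPool contract's code. It keeps the names the write-up gives (_Check_reward, durations, balance, total_percent); the per-tier percentages, the MIN_STAKE constant, and the assumption that total_percent is a running percentage rather than a balance-scaled amount are all hypothetical. The vulnerable shape falls through its if-else chain and returns a value unrelated to the caller's stake; the hardened shape rejects anything outside the allowlist before doing arithmetic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not the project's code. Tier percentages, MIN_STAKE and the
// meaning of total_percent are assumptions made to show the pattern.
contract StakingRewardExample {
    // Assumed: a contract-wide percentage figure kept in storage. The point is
    // only that it has nothing to do with any individual caller's balance.
    uint256 public total_percent = 117; // assumed sum of the four tier rates below

    // Assumed defence-in-depth floor so that a dust deposit (e.g. 1 wei)
    // cannot open a reward path at all.
    uint256 public constant MIN_STAKE = 1e15;

    // Vulnerable shape: 3, 6, 12 and 24 are handled, then control falls
    // through. durations == 0 (or any unsupported value) skips the
    // calculation and returns total_percent.
    function _Check_reward_vulnerable(uint256 durations, uint256 balance)
        internal view returns (uint256)
    {
        if (durations == 3) {
            return balance * 5 / 100;
        } else if (durations == 6) {
            return balance * 12 / 100;
        } else if (durations == 12) {
            return balance * 30 / 100;
        } else if (durations == 24) {
            return balance * 70 / 100;
        }
        return total_percent; // reached for 0 and every other unsupported value
    }

    // Hardened shape: validate the tier against an explicit allowlist and
    // enforce a minimum stake before any arithmetic. Bad input reverts;
    // there is no silent default value to return.
    function _Check_reward_fixed(uint256 durations, uint256 balance)
        internal pure returns (uint256)
    {
        require(balance >= MIN_STAKE, "stake below minimum");
        uint256 percent;
        if (durations == 3) {
            percent = 5;
        } else if (durations == 6) {
            percent = 12;
        } else if (durations == 12) {
            percent = 30;
        } else if (durations == 24) {
            percent = 70;
        } else {
            revert("unsupported duration");
        }
        return balance * percent / 100;
    }

    // External views so the two behaviours can be compared side by side
    // from a test or a block explorer (assumed helper, not on the page).
    function previewVulnerable(uint256 durations, uint256 balance) external view returns (uint256) {
        return _Check_reward_vulnerable(durations, balance);
    }

    function previewFixed(uint256 durations, uint256 balance) external pure returns (uint256) {
        return _Check_reward_fixed(durations, balance);
    }
}
```

Calling previewVulnerable(0, 1) returns 117, the stored total_percent, for a 1 wei stake, which is the shape of the bug the write-up describes; previewFixed(0, 1) reverts. The general rule an auditor checks for here is that every enumerated parameter is matched against an explicit allowlist and that no code path returns a default value when the match fails.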
On Chain Details:
Attacker’s 1st Address: 0x9bbd94506398a1459f0cd3b2638512627390255e
Attacker’s 2nd Address: 0xdA5919bf3a49aD47b7c7103a9ed3902cEe78d528
Attacker’s Contract: 0xdD87D807774c8aA9D70FC6aF5912C97FaDBF531B
ORT Token: 0x1d64327C74d6519afeF54E58730aD6fc797f05Ba
Staking Pool Contract: 0x26bc1245b8476086e85553e60ee5e3e59fed9be0
Invest Txn Hash : 0x49bed801b9a9432728b1939951acaa8f2e874453d39c7d881a62c2c157aa7613
Withdraw Txn Hash: 0xa916674fb8203fac6d78f5f9afc604be468a514aa61ea36c6d6ef26ecfbd0e97
The Attack Steps:
- The attacker first funded his wallet (0xda591) with 0.97 BNB from FixedFloat.
- The attacker then deployed a contract (0xdd87) and executed the staking contract's invest function with the end date set to 0, which passed the contract's checks.
- The attacker called the invest function with a stake of 1 Wei, then called the withdrawAndClaim function to receive ORT token rewards. Because of the vulnerability, he received far more tokens than the stake warranted.
- The attacker repeated the above steps multiple times to drain all the ORT tokens from the contract.
- Finally, the attacker swapped the ORT tokens for BNB and kept the profit, which amounted to 236.9 BNB.
After the Exploit :
There is no official announcement from the Omni State Group regarding the hack.
Price Impact
The value of the token dropped substantially following the exploit. As of the date of this blog, the price of the token is $0.0000002167.
Flow of Funds:
Funds Left in Attacker’s Wallets:
Similar projects secured by QuillAudits:
Web3 Security: Need of the Hour
Why QuillAudits For Web3 Security?
QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of millions in funds.