RES Token $290K Flash Loan Exploit | QuillAudits
On the 6th of October, 2022, $RES Token (a BEP20 token on BNB Chain) suffered a flash loan attack. The hackers used flash loans to manipulate the pool price of the token and take a profit. Around $290,000 was stolen.
Introduction to $RES Token:
$RES is a cryptocurrency deployed on Binance Smart Chain (BSC, BEP-20). Currently, the $RES token is trading at $0.0060 on PancakeSwap. Further details can be found here.
Vulnerability Analysis & Impact:
Before getting deep into it, let's first understand what flash loan attacks are:
A flash loan attack is an abuse of the smart contract security of a particular platform in which an attacker usually borrows a large amount of funds that requires no collateral. They then manipulate the price of a crypto asset on one exchange and quickly resell it on another one.
The main vulnerability was in the contract's thisAToB function, which was used to swap the $RES tokens held by the contract for $ALL tokens through the RES-BSCUSD-ALL path. The hacker used flash loans to manipulate the RES Token pool, swapped the tokens back, and made a profit of around $290K from the attack.
Addresses and Transaction Details:
1. The attacker funded his wallet (0x986b2) with 0.5 BNB from an EOA (0x92d47) and then created the attacking contract.
2. thisAToB is an external function that calls the _thisAToB function, which swaps the $RES tokens held by the contract for $ALL tokens through the RES-BSCUSD-ALL path.
3. The attacker borrowed flash loans, performed multiple swaps, and gained rewards in $ALL tokens. He then burned $ALL-SWAP tokens by calling the thisAToB() function.
4. As a result of the burn, the pair reserve ratio increased. The attacker then swapped $ALL tokens for USDT and gained a profit of around $209,203.
5. The attacker repeated the same steps and this time gained an additional profit of $81,268. Adding both, the attacker made a total of $290K from this attack.
After the Exploit:
The attack directly impacted the price of the token. The price of $RES Token fell by 97%, from $0.23 to $0.0060. See here for more info.
Status of Funds:
Prevention for Flash Loan Attacks:
Recently there has been a massive increase in flash loan attacks in the DeFi space. This has given rise to two popular solutions. Check out here for a detailed explanation.
1. Decentralized Pricing Oracles
2. Implementation of DeFi Security Platforms
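The following added example (not code from QuillAudits or the RES project) models why a time-weighted oracle blunts the reserve-ratio shift described in step 4: a price moved inside one transaction carries zero time weight, so a deviation guard can reject the swap. It assumes a fee-free constant-product pool; the class names, function names, reserves and the 200 bps threshold are hypothetical, constructed values.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Simplified constant-product pair, fees ignored (constructed reserves)."""
    token: float   # reserve of the priced token
    stable: float  # reserve of the quote asset

    def spot_price(self) -> float:
        return self.stable / self.token

    def burn_token_reserve(self, amount: float) -> None:
        # Models a path that destroys tokens held by the pair and re-syncs:
        # the token side shrinks while the stable side is unchanged.
        self.token -= amount

class TwapOracle:
    """Time-weighted average price over a sliding window of observations."""
    def __init__(self, window_s: int):
        self.window_s = window_s
        self.obs = []  # list of (timestamp, price)

    def record(self, ts: int, price: float) -> None:
        self.obs.append((ts, price))
        self.obs = [(t, p) for t, p in self.obs if t >= ts - self.window_s]

    def price(self, now: int) -> float:
        total = weighted = 0.0
        # Each price is weighted by how long it stayed in effect.
        for (t, p), (t_next, _) in zip(self.obs, self.obs[1:] + [(now, 0.0)]):
            weighted += p * (t_next - t)
            total += t_next - t
        return weighted / total if total else self.obs[-1][1]

def swap_allowed(pool: Pool, oracle: TwapOracle, now: int, max_dev_bps: int = 200) -> bool:
    """Guard: refuse to price a swap when spot strays too far from the TWAP."""
    ref = oracle.price(now)
    return abs(pool.spot_price() - ref) / ref * 10_000 <= max_dev_bps

def demo():
    pool = Pool(token=1_000_000.0, stable=100_000.0)   # spot price 0.10
    oracle = TwapOracle(window_s=1800)
    for ts in range(0, 1800, 300):                      # 30 min of normal trading
        oracle.record(ts, pool.spot_price())
    now = 1800
    before = swap_allowed(pool, oracle, now)
    pool.burn_token_reserve(600_000.0)                  # reserve shift within one block
    oracle.record(now, pool.spot_price())               # observed, but zero time weight
    return before, pool.spot_price(), oracle.price(now), swap_allowed(pool, oracle, now)

if __name__ == "__main__":
    print(demo())
```

A contract that reads the pool's spot reserves directly would accept the shifted price; one that checks against the time-weighted reference would not.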