$NGP token on BSC (@newgoldprotocol) was hacked for ~2M usd. (tx see coment)
The root cause apears to be a wrong fee logic in the tokens' trasfer function.
The hack is very simple. Just swap USDT->NGP and swap back (P1). As it requires a very large amount of money, the hacker used many layers of flashloan from Morpho, uniswap V3 and venus (P2).
This token will charge a proportion of fees when selling, which was written in the transfer function when transferring to the pair. However, as P3, the fee was paid by the pool BEFORE the users' token was transferred to the pair, and "sync" was called to make the token price go up.
correct design:
(1) user pays treasury x% of fee;
(2) user transfer token to the pool and sell.
The vulnerable implementation:
(1) when a sell detected, transfer from pool to treasury;
(2) call pool.sync (driving token price up)
(3) user transfer token to pool and sell.
5.85K
0
The content on this page is provided by third parties. Unless otherwise stated, OKX TR is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX TR. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX TR is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.