ETH Exchange ETH Exchange
Ctrl+D ETH Exchange
Home > Blockchain > Info

Security Team: EGD_Finance was attacked by hackers, and token prices were manipulated by flash loans



Time:8/8/2022 12:09:04 PM

[Security Team: EGD_Finance was attacked by hackers, token prices were manipulated by flash loans] On August 8th, according to news from SlowMist, the EGD_Finance project on BSC was attacked by hackers, resulting in unexpected withdrawal of funds from its pool. The analysis conducted by the SlowMist security team is as follows:

1. The claimAllReward function in the EGD_Finance contract will call the getEGD Price function to calculate the price of EGD when calculating the reward, and the getEGD Price function only calculates the price of EGD by dividing the balance of EGD and USDT in the pair

2. The attacker uses this point to loan a large amount of USDT in the pool first, so that the price of EGD tokens becomes very small after calculation. Therefore, when the claimAllReward function is called to obtain rewards, more rewards will be calculated. As a result, the EGD tokens in the pool were withdrawn unexpectedly

The reason for this incident is that the price feeding mechanism for calculating the rewards when the EGD_Finance contract obtains the rewards is too simple, resulting in the token price being manipulated by the flash loan to make a profit.

Other news:

Security Team: BGEO Token may have an "unlimited minting" vulnerability: According to news on October 20, according to Dataverse's disclosure on social media, hackers have detected attacks on the GEO BSC contract, and remind users not to purchase GEO in BSC because of related operations. May not be valid. Subsequent GeoCash will maintain related issues, and will also conduct airdrops based on snapshots on the ETH/Polygon chain.

According to PeckShield's analysis on social media, this problem may be caused by the "allowing unlimited minting" vulnerability in the minting function of BGEO (Binance GeoDB Coin). [2022/10/20 16:31:20]

Security team: Oapital address withdrew 5 million USDC from Aave V2 and transferred 4 million to FTX: Jinse Finance reported that according to PeckShield monitoring, the address marked as Oapital starting with 0x66B8 withdrew 5 million USDC flow from Aave V2 sex, and transferred 4 million USDC to FTX. [2022/10/11 10:30:42]

Dynamics | It is reported that "Fomo 3D was hacked" and the SlowMist security team judged it as a DDoS attack: According to the Internet rumor "Fomo 3D was hacked", the SlowMist security team judged that the Fomo 3D website suffered a DDoS attack, but the smart contract on Ethereum Not affected, because the Ethereum network Gas value is still within the normal range. At present, Cloudflare, the security management website used by the Fomo 3D website, has turned on anti-virus verification, and users need to wait for 5 seconds to access the website. It is reported that the waiting time of 5 seconds is almost the most advanced DDoS defense strategy of Cloudflare. [2018/7/31]

Flow token jumps 38% after Meta announces NFT display feature

Golden Finance News.

Block Chain:8/5/2022 12:04:08 PM
The trading volume of CryptoPunks series NFT has increased by more than 500% in the past 24 hours

Jinjin Finance News, according to OpenSea data.

Block Chain:8/4/2022 3:20:19 AM
A-share closing: Shenzhen Securities Blockchain 50 Index rose 2.8%

Golden Finance News, A-share closing.

Block Chain:8/5/2022 12:04:41 PM
Foundry provides BTC donations to developers of the open source Stratum V2 protocol

Jinse Finance reported that digital asset mining and betting.

Block Chain:8/3/2022 2:56:57 AM
El Salvador’s banking platform Galoy launches Bitcoin-backed synthetic dollar

Jinse Finance reported that Galoy.

Block Chain:8/3/2022 2:56:54 AM
Chongqing Daily publishes digital commemorative collections

Jinse Finance reported that in order to celebrate the 70th anniversary of Chongqing Da.

Block Chain:8/7/2022 12:07:46 PM
Luxury brand Prada launched a new Timecapsule NFT series

Jinse Finance reported that luxury brand Prada announced the launch of a new Timecapsule N.

Block Chain:8/4/2022 12:02:56 PM