Type: #logicFlow #dex
Project: Burger swap
Date: 27/05/21
Blockchain: BSC
Problem: BurgerSwap's swapping function had a missing require statement which could let anyone remove any amount of tokens from a pool on the protocol.
The swap() function checks the x*y ≥ k condition, which verifies that the correct amount of tokens was received to do the swap. The code marked in the yellow box is what BurgerSwap is missing from its swap() function. Anyone could call this function to swap 100 of token A for 100 of token B, send only 1 token A, and still receive 100 token B. This allows anybody to remove any amount of tokens from the pool, since x*y ≥ k is never checked. There seems to be no explanation for why this check was removed by the developers of BurgerSwap.
Another difference was an extra onlyPlatform modifier on the swap() function, which allowed only the Router to call swap().
For the attack, the hackers created a pair with some newly created X tokens and BURGER. Then the Router was called to do a swap, sending in incorrect amounts of tokens. After the X token → BURGER swap, the attacker re-entered and did another swap BURGER → WBNB. Because the attacker re-entered before the reserves were updated after the first swap, the previous reserve values were used for the next swap from BURGER → WBNB.
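A minimal Python model of a constant-product pair's swap(), added here as an illustration (not BurgerSwap's or any other project's code): with the fee-adjusted x*y ≥ k check present, a swap that pays 1 token for 98 reverts; with the check missing, as described above, the same call drains the pool. The 0.3% fee, the 10000/10000 pool, the `lock` flag and the reserve/balance bookkeeping are assumptions modelled on UniswapV2-style pairs.

```python
FEE_NUM, FEE_DEN = 3, 1000  # 0.3% swap fee, UniswapV2-style (assumption)

class SwapReverted(Exception): """Raised where the on-chain contract would revert."""

class Pair:
    def __init__(self, reserve0, reserve1, check_k=True):
        # reserves: last recorded balances; balances: what the pool holds now
        self.reserve0, self.reserve1 = reserve0, reserve1
        self.balance0, self.balance1 = reserve0, reserve1
        self.check_k = check_k
        self.locked = False  # reentrancy guard, like UniswapV2's `lock` modifier

    def swap(self, amount0_out, amount1_out, paid0, paid1):
        """Caller has already transferred paid0/paid1 in, as a Router would."""
        if self.locked:
            raise SwapReverted("LOCKED")
        self.locked = True
        try:
            if amount0_out >= self.reserve0 or amount1_out >= self.reserve1:
                raise SwapReverted("INSUFFICIENT_LIQUIDITY")
            # Tokens leave the pool optimistically, before inputs are verified.
            self.balance0 += paid0 - amount0_out
            self.balance1 += paid1 - amount1_out
            # Amounts in are derived from balances, never trusted from the caller.
            in0 = max(self.balance0 - (self.reserve0 - amount0_out), 0)
            in1 = max(self.balance1 - (self.reserve1 - amount1_out), 0)
            if in0 == 0 and in1 == 0:
                raise SwapReverted("INSUFFICIENT_INPUT_AMOUNT")
            if self.check_k:
                # The check the text says BurgerSwap's swap() lacked: fee-adjusted
                # balances must keep the product at or above reserve0 * reserve1.
                adj0 = self.balance0 * FEE_DEN - in0 * FEE_NUM
                adj1 = self.balance1 * FEE_DEN - in1 * FEE_NUM
                if adj0 * adj1 < self.reserve0 * self.reserve1 * FEE_DEN ** 2:
                    raise SwapReverted("K")
            # Reserves are written last; re-entering before this line sees stale values.
            self.reserve0, self.reserve1 = self.balance0, self.balance1
        finally:
            self.locked = False
        return in0, in1

def try_swap(check_k, paid0, amount1_out):
    """Take amount1_out of token1 for paid0 of token0 from a fresh 10000/10000 pool."""
    pair = Pair(10_000, 10_000, check_k=check_k)
    try:
        pair.swap(0, amount1_out, paid0, 0)
        return "ok", pair.reserve1
    except SwapReverted as e:
        return f"revert:{e}", pair.reserve1
```

`try_swap(True, 1, 98)` reverts with `K`, while `try_swap(False, 1, 98)` succeeds and leaves reserve1 at 9902 for a 1-token payment.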
The Hacker:
1) Flash swaps 6000 WBNB from PancakeSwap.
2) Swaps 6000 WBNB ↔ 92000 BURGER.
3) Creates a new token (which we will call X). Creates a new pair with some X tokens and BURGER.
4) Adds 100 X tokens and 45000 BURGER to the pool.
5) Swaps 100 X tokens ↔ 4400 WBNB.
6) Swaps another 45000 BURGER ↔ 4400 WBNB because of re-entrancy.
7) Swaps 493 WBNB ↔ 108800 BURGER.
8) Replays the flash swap.
Discoverer: NaN (was hacked)
Harm: $7.2M
link