Type: #logicFlow #token
Project: Dei
Date: 05/05/23
Blockchain: Multichain
Problem: Upgrade to vulnerable implementation.
Inside the burnFrom function there is an invocation of _approve which, because the owner and spender arguments were mixed up, grants an allowance from the burned-from address to msg.sender. The DEI token on BSC was upgraded on Apr-10-2023, so the vulnerability was present for almost a full month.
The Hacker:
1) Approves uint256.max to the address holding the DEI tokens, in this case the Uniswap LP pair.
2) Calls burnFrom with a zero amount, which grants the hacker an allowance from the LP pair.
3) Calls transferFrom to pull the tokens out of the pair, then calls sync and swaps all of them.
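The vulnerable allowance lookup next to the corrected one, as an added illustration (not the DEI token's source); the contract skeleton and function names are assumptions consistent with the description above:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative reconstruction of the burnFrom bug pattern; not the DEI token's code.
contract BurnFromExample {
    mapping(address => uint256) public balanceOf;
    // allowance[owner][spender]: how much `spender` may move out of `owner`.
    mapping(address => mapping(address => uint256)) public allowance;

    function _approve(address owner, address spender, uint256 amount) internal {
        allowance[owner][spender] = amount;
    }

    function _burn(address account, uint256 amount) internal {
        balanceOf[account] -= amount;
    }

    // VULNERABLE: the read is done on the swapped slot allowance[msg.sender][account],
    // which the caller fully controls (it is the caller's own grant to `account`).
    // The subsequent _approve writes allowance[account][msg.sender], so a caller who
    // first approved `account` for uint256.max and then burns 0 ends up with an
    // uint256.max allowance over `account`'s balance without `account` ever agreeing.
    function burnFromVulnerable(address account, uint256 amount) public {
        uint256 currentAllowance = allowance[msg.sender][account];
        require(currentAllowance >= amount, "ERC20: burn amount exceeds allowance");
        _approve(account, msg.sender, currentAllowance - amount);
        _burn(account, amount);
    }

    // FIXED: read and write the same (owner = account, spender = msg.sender) slot.
    // Only an allowance that `account` itself granted can be consumed here, and the
    // write can never increase it.
    function burnFrom(address account, uint256 amount) public {
        uint256 currentAllowance = allowance[account][msg.sender];
        require(currentAllowance >= amount, "ERC20: burn amount exceeds allowance");
        _approve(account, msg.sender, currentAllowance - amount);
        _burn(account, amount);
    }
}
```

A unit test that guards against this regression asserts that allowance[victim][caller] is unchanged after any burnFrom call by a caller the victim never approved.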
Discoverer: N/A (found when the protocol was hacked)
Harm: $5.4M
link