Type: #accessControl #validation
Project: MetaPoint token
Date: 12/04/23
Blockchain: BSC
Problem: Positions are stored in contracts with a public approve function.
MetaPoint is a token with a staking system. When a user creates a deposit, a new contract is created that holds the user's funds. These position contracts are vulnerable, since all they expose is an unprotected approve function that anyone can call to set an allowance to their own address.
The Hacker:
1) Finds all contracts with users' positions.
2) Creates a contract which calls approve to his address in batches.
3) Creates a contract which calls transferFrom to move the tokens to his contract and swaps all tokens to USDT.
Discoverer: NaN, was hacked
Harm: 920 k $
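The pattern described under Problem, next to a hardened form, as an added example that is not MetaPoint's own code. All contract, function and variable names are hypothetical, and it assumes the staking contract is the one that deploys each position.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; every name below is hypothetical, not taken from MetaPoint.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Pattern described above: a per-deposit contract that holds the user's
// tokens and exposes approve() with no caller check.
contract VulnerablePosition {
    IERC20 public immutable token;

    constructor(IERC20 _token) {
        token = _token;
    }

    // No access control: any caller becomes an approved spender
    // of every token this position holds.
    function approve() external {
        token.approve(msg.sender, type(uint256).max);
    }
}

// Hardened form: only the staking contract that deployed the position can
// move funds, and it pushes tokens out instead of granting an allowance.
contract HardenedPosition {
    IERC20 public immutable token;
    address public immutable staking; // deployer, assumed to be the staking contract

    error NotStaking();

    constructor(IERC20 _token) {
        token = _token;
        staking = msg.sender;
    }

    // Caller check first, then an exact-amount transfer to the recipient.
    function release(address to, uint256 amount) external {
        if (msg.sender != staking) revert NotStaking();
        require(token.transfer(to, amount), "transfer failed");
    }
}
```

In review, any external function on a fund-holding contract that calls approve or transfer without checking msg.sender should be treated as a finding.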