To prepare for the attack, the attacker first conducted a transaction (0x7d2d8d) 8 days ago, swapping 20 BNB for NBU WBNB and subsequently for GNIMB tokens, and then transferred the GNIMB tokens to the Staking contract as a pledge.
Eight days later, the attack transaction (0x42f56d3) was formally initiated. First, 75,477 BNBs were lent via flash loans and converted for NBU WBNB, after which the majority of the nimbus tokens in the pool were exchanged for these NBU WBNB tokens.
Then, to extract rewards, use the Staking contract’s getReward method. The calculation of rewards is proportional to the value of rate, and the value of rate is determined by the values of NIMB and GNIMB tokens in the pool. Because NIMB tokens are determined by the number of tokens in the manipulated pool in the previous step of the flash loan. As a result of the exchange of a large number of tokens in the flash loan, it becomes higher, and the final calculated reward will be more than 4. The attacker eventually exchanged the last obtained GNIMB tokens and owned nimbus tokens into NBU WBNB tokens and then into BNB, and returned the flash loan profit.
The fundamental cause for this attack is that the calculation of rewards is based solely on the quantity of tokens in the pool, which allows flash loans to manipulate the system to collect more rewards than planned. When calculating token payouts, the SlowMist security team recommended that the security of the price source be maintained.
Attack transaction reference: https://bscscan.com/tx/0x42f56d3e86fb47e1edffa59222b33b73e7407d4b5bb05e23b83cb1771790f6c1
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Website: coincu.com
Chubbi
Coincu News
Cosmos Developer Interchain Foundation sold 3000 ETH from its ICO today, totaling 21,600 ETH sold…
George Town, Grand Cayman, 22nd November 2024, Chainwire
Inflation Warning by Vanguard highlights risks during Trump’s term, citing tariffs and tighter labor markets…
Clanker token trading volume hit $59.8M on Nov 21, accounting for 14.75% of PumpFun. Fee…
Bitcoin Spot ETF inflows hit $1.005B on Nov 21, led by BlackRock’s $608M and Fidelity’s…
Discover the success story of a New York tech entrepreneur who made $72M from a…
This website uses cookies.
