The Analysis of FEGtoken Security Incident: Devil’s in the Details

0x1 Vulnerability Analysis: At First Glance

0x2 Attack Analysis

0x2.1 Preliminary Attack Analysis

  • Step 1: preparing funds and fake paths. The attacker takes a flash loan of about 915 BNB from DVM and swaps part of it into 116 fBNB. The attacker then creates a number of contracts that will be used as fake paths.
  • Step 2: depositing the initial fund. By depositing 115 fBNB into the FEGexPRO contract, the attacker increases his balances2 in the victim contract.
  • Step 3: performing the arbitrary approval. The attacker invokes the swapToSwap function and passes a fake path as the first parameter, which causes the FEGexPRO contract to approve that path to spend 114 fBNB.
  • Step 4: making another approval. By invoking the depositInternal function and the swapToSwap function, the attacker causes the FEGexPRO contract to approve another path to spend 114 fBNB.

0x2.2 Advanced Attack Analysis

0x3 The Root Cause

  • First, the arbitrary approval caused by the unverified parameter of the swapToSwap function.
  • Second, the inconsistency between the actual and the recorded balance of the victim contract, caused by the fake swap in the swapToSwap function. The attacker uses it to restore his deposit amount and so make the approvals repeatedly.
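
The two root causes can be checked together in a toy Python ledger. This is an added example, not BlockSec's or FEG's code: `Token`, `FakePath`, `Pool`, `run`, `trusted_paths` and `recorded` are hypothetical names, and the way `deposit_internal` credits the surplus is an assumption drawn from the description above. With `trusted_paths=None` the pool behaves as described; with an allow-list it rejects unknown paths and verifies that the approved amount actually left the pool.

```python
# Toy ledger model, constructed for illustration; exceptions stand in for a
# Solidity revert (state rollback is not modelled).
class Token:
    def __init__(self, balances):
        self.bal, self.allow = dict(balances), {}
    def transfer(self, src, dst, amt):
        if self.bal.get(src, 0) < amt:
            raise ValueError("insufficient balance")
        self.bal[src] -= amt
        self.bal[dst] = self.bal.get(dst, 0) + amt

class FakePath:
    """Unverified `path` contract: its swap moves no tokens."""
    def swap(self, token, pool, amt):
        pass

class Pool:
    def __init__(self, token, trusted_paths=None):  # None = vulnerable, no checks
        self.token, self.trusted = token, trusted_paths
        self.balances2, self.recorded = {}, 0  # per-user and total bookkeeping
    def deposit(self, user, amt):
        self.token.transfer(user, self, amt)
        self.deposit_internal(user)
    def deposit_internal(self, user):
        # Assumed behaviour: credit whatever the pool holds beyond its recorded total.
        surplus = self.token.bal.get(self, 0) - self.recorded
        self.balances2[user] = self.balances2.get(user, 0) + surplus
        self.recorded += surplus
    def swap_to_swap(self, path, user, amt):
        if self.trusted is not None and path not in self.trusted:
            raise PermissionError("path is not an allow-listed router")
        if self.balances2.get(user, 0) < amt:
            raise ValueError("amount exceeds recorded deposit")
        self.balances2[user] -= amt
        self.recorded -= amt
        before = self.token.bal.get(self, 0)
        self.token.allow[(self, path)] = amt  # approval to the caller-chosen spender
        path.swap(self.token, self, amt)
        if self.trusted is not None:  # hardened: verify the transfer, drop the approval
            if before - self.token.bal.get(self, 0) != amt:
                raise RuntimeError("path did not take the approved amount")
            self.token.allow[(self, path)] = 0

def run(trusted_paths):
    token = Token({"user": 115})
    pool = Pool(token, trusted_paths)
    pool.deposit("user", 115)
    for _ in range(2):  # the two approvals of steps 3 and 4
        pool.swap_to_swap(FakePath(), "user", 114)
        pool.deposit_internal("user")  # recorded deposit is restored
    approved = sum(a for (owner, _), a in token.allow.items() if owner is pool)
    return approved, token.bal[pool]
```

In the unchecked configuration the pool ends with more fBNB approved to unverified spenders than it actually holds, which is the invariant a monitor or an audit test can assert on.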

0x4 Other Related Attacks

About BlockSec


A Blockchain Security and Data Company.
