In May 2021, we witnessed multiple hacks targeting BSC DeFi products. In particular, a loophole related to reward minting in the yield aggregator, PancakeBunny, was exploited to mint ~7M BUNNY tokens from nothing, leading to a whopping $45M financial loss. After the bloody hack, three forked projects — AutoShark, Merlin Labs, and PancakeHunny — were attacked with similar techniques. Amber Group’s Blockchain Security team, led by Dr. Chiachih Wu, elaborates on the loophole and gives a step-by-step account of the exploit by reproducing the attack against PancakeBunny.

Hidden Attack Surface: balanceOf()

Many people believe that composability is crucial to the success of DeFi. Token contracts (e.g., ERC20s) play an essential role on the bottom layer of DeFi legos. However, developers may overlook some uncontrollable and unpredictable conditions when integrating ERC20s into their DeFi projects. For example, you can’t predict when and how many tokens you will receive when you retrieve…
