SolidityScan
HACK ANALYSIS 2 min read

BH Token Hack Analysis

BH Token Hack Analysis

Overview:

On October 11 , 2023, BH token suffered a price manipulation attack, leading to an approximate loss of ~1.27M USD.

Smart Contract Hack Overview:

Fig: Attack Transaction

Decoding the Smart Contract Vulnerability:

  • The attacker utilized a flashloan to borrow a substantial amount of $USDT, a stablecoin.
  • The attacker executed the 0x33688938() function to add the borrowed $USDT to a contract. This contract was responsible for providing liquidity to a trading pair, and under normal circumstances, the liquidity ratio was about 1 $USDT to 100 $BH tokens.
  • Subsequently, the attacker swapped their borrowed $USDT for $BH tokens using this pair and carried out the 0x4e290832 function to remove liquidity.
  • The exploitation of this process resulted in a significant change in the liquidity removal ratio, which deviated from the typical 1 $USDT to 100 $BH tokens. The attacker managed to achieve a ratio of about 1 $USDT to 2 $BH tokens, which allowed them to withdraw a larger amount of $USDT than they initially put in.
Fig: Attack Flow

Mitigation and Best Practices:

  • Price manipulation attacks can be prevented by employing various protective measures to minimize slippage. One such approach is to employ off-chain price oracles like Chainlink, which are resilient to attempts at manipulating prices.
  • Furthermore, smart contracts can be equipped with mechanisms that limit how quickly a token’s value can deviate from a specific range, thus bolstering defence against manipulation.
  • To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
  • Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detections at SolidityScan
Fig: SolidityScan — Smart Contract Vulnerability Scanner

Conclusion:

SolidityScan is an advanced smart contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord

StarsArena Hack Analysis
Maestro Router 2 Hack Analysis