CirculateBUSD Hack Analysis — Have you ever been rug pulled?
Overview:
- On January 12, 2023, yet another cryptocurrency hack cost 2.27 million dollars: the owner of the contract carried out a rug pull, using a privileged function to transfer most of the tokens to an externally controlled contract.
Smart Contract Hack Overview:
- Attacker’s transaction: 0x3475278
- Attacker’s address: 0x5695ef5f
- BUSD code: 0x9639d7609
- SwapHelper code: 0x112f8834cd

Fig: Attacker’s transaction
Decoding the Smart Contract Vulnerability
- The contract owner called startTrading(), an owner-only function that serves as a backdoor in the BUSD contract.
- Inside startTrading(), the contract invoked the swaptoToken() method of the SwapHelper contract.
- SwapHelper then made internal calls back to the BUSD contract to obtain an approval, and used that approval to transfer the BUSD tokens to an attacker-controlled address.
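The shape described above (an owner-only startTrading() that hands the pool's BUSD approval to an external helper, which then moves the funds) is what a reviewer should look for. The Solidity below is an added illustration written for this post, not the CirculateBUSD, BUSD or SwapHelper code: the contract names, the swaptoToken() signature, the deposit/withdraw functions and the two-day delay are all assumptions. It places a minimal version of the flagged pattern next to a hardened form in which the helper is fixed at deployment, every privileged move is announced on-chain before it can execute, the allowance is bounded and cleared, and depositors keep an owner-independent exit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed example for this write-up; not the real CirculateBUSD contracts.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Assumed helper interface; the real SwapHelper signature is not on the page.
interface ISwapHelper {
    function swaptoToken(address token, uint256 amount) external;
}

// Pattern to flag in review: the helper is owner-replaceable, the owner can
// trigger this at any moment with no notice, and the helper is approved for
// the entire pooled balance, so depositors have no control over what happens next.
contract FlaggedPool {
    address public owner;
    IERC20 public immutable busd;
    ISwapHelper public helper; // mutable: owner can point it at any contract

    constructor(IERC20 _busd, ISwapHelper _helper) {
        owner = msg.sender;
        busd = _busd;
        helper = _helper;
    }

    function setHelper(ISwapHelper _helper) external {
        require(msg.sender == owner, "not owner");
        helper = _helper;
    }

    function startTrading() external {
        require(msg.sender == owner, "not owner");
        uint256 bal = busd.balanceOf(address(this));
        busd.approve(address(helper), bal); // whole pool, no delay, no cap
        helper.swaptoToken(address(busd), bal);
    }
}

// Hardened form: same feature (routing pooled BUSD to a swap helper), but
// every property that made the pattern above a rug-pull vector is removed.
contract GuardedPool {
    address public owner;
    IERC20 public immutable busd;
    ISwapHelper public immutable helper; // fixed at deploy; anyone can inspect it
    uint256 public constant DELAY = 2 days; // assumed value for this example
    uint256 public tradingExecutableAt;     // 0 means nothing is scheduled
    mapping(address => uint256) public deposits;

    event TradingScheduled(uint256 amount, uint256 executableAt);
    event TradingExecuted(uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(IERC20 _busd, ISwapHelper _helper) {
        owner = msg.sender;
        busd = _busd;
        helper = _helper;
    }

    function deposit(uint256 amount) external {
        require(busd.transferFrom(msg.sender, address(this), amount), "transferFrom");
        deposits[msg.sender] += amount;
    }

    // Exit path that no owner action can switch off.
    function withdraw(uint256 amount) external {
        require(deposits[msg.sender] >= amount, "insufficient");
        deposits[msg.sender] -= amount;
        require(busd.transfer(msg.sender, amount), "transfer");
    }

    // Step 1: announce. Nothing moves; the event gives depositors DELAY to leave.
    function scheduleTrading(uint256 amount) external onlyOwner {
        tradingExecutableAt = block.timestamp + DELAY;
        emit TradingScheduled(amount, tradingExecutableAt);
    }

    // Step 2: execute only after the delay, with a bounded allowance that is
    // reset afterwards so the helper never holds a standing approval.
    function startTrading(uint256 amount) external onlyOwner {
        require(tradingExecutableAt != 0, "not scheduled");
        require(block.timestamp >= tradingExecutableAt, "timelock active");
        tradingExecutableAt = 0;
        require(busd.approve(address(helper), amount), "approve");
        helper.swaptoToken(address(busd), amount);
        require(busd.approve(address(helper), 0), "reset allowance");
        emit TradingExecuted(amount);
    }
}
```

The residual risk in GuardedPool is deliberate and visible: if depositors ignore the TradingScheduled event for two days, the owner can still route the scheduled amount to the helper. What the hardened form guarantees is that the helper address, the amount and the earliest execution time are all public before any token moves, which is exactly the information a holder or a scanner needs to decide whether to exit.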

Mitigation and Best Practices:
- Before investing any money in a project, research it thoroughly in order to protect yourself against a rug pull.
- Examine the team’s credibility, in particular the main developers, project owners, and investors.
- Look up the token holders on a block explorer to find out how many wallets hold the token. The fewer wallets hold it, the greater the likelihood of an exit scam.
- Wait until a new product has had some time to gain acceptance. The longer a project has been on the market, the more credible it is.
- Try out our free tool QuickScan, a smart contract analysis tool built by the SolidityScan team. It is designed to help users identify potential rug pull scams by providing an in-depth analysis of a smart contract’s code and highlighting any red flags that may indicate a scam.
- Scan your Solidity contracts against the latest common security vulnerabilities with 130+ patterns at SolidityScan, including detection of re-entrancy vulnerabilities.

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord