DAppSocial Hack Analysis
Overview:
On September 2, 2023, DAppSocial suffered a hack due to a business logic vulnerability, leading to an approximate loss of ~16k USD.
Smart Contract Hack Overview:
- Attacker address : 0x7d9bc4
- Attack Contract : 0xe897c0
- Helper Attack Contract : 0xa8c6e7
- Vulnerable Contract : 0x319ec3
- Attack Transaction : 0xbd72bc

Decoding the Smart Contract Vulnerability:
- The attacker began by creating a helper contract, depositing 2 USDT and calling lockTokens on behalf of that contract with a lock period of 0 seconds, which the vulnerable contract accepted as a valid locking period.

- In the same transaction, the attacker executed the ‘withdrawTokensWithAlt’ function. This function had two critical issues:
  - It checked the balance of ‘msg.sender’ but subtracted the amount from a different address, one controlled by the attacker.
  - It performed that subtraction without an integer underflow check, so the balance wrapped around, allowing the attacker to set an arbitrary balance for any address.

- With the inflated balance in place, the attacker executed the ‘withdrawTokens’ function on behalf of the helper exploit contract, draining all the USDT and then the USDC from the vulnerable contract.
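The two accounting flaws described above, side by side with a hardened form, as an added illustration that is not DAppSocial's code: the contract, function and variable names are hypothetical, and the `unchecked` block is used only to mimic the pre-0.8 Solidity arithmetic the missing underflow check implies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch of a token-locking vault; only the internal accounting is shown,
// the actual ERC-20 transfers are omitted.
contract LockedVaultSketch {
    mapping(address => uint256) public balances;
    mapping(address => uint256) public lockedUntil;

    function deposit(uint256 amount) external {
        balances[msg.sender] += amount;
    }

    // FLAW 1: a lock duration of 0 is accepted, so the lock never binds.
    function lockTokensFlawed(uint256 duration) external {
        lockedUntil[msg.sender] = block.timestamp + duration;
    }

    // FLAW 2: the balance check is on msg.sender, but the debit is on `alt`.
    // In pre-0.8 Solidity (mimicked here with `unchecked`) the subtraction wraps
    // instead of reverting, so balances[alt] can be set to any value.
    function withdrawTokensWithAltFlawed(address alt, uint256 amount) external {
        require(block.timestamp >= lockedUntil[msg.sender], "locked");
        require(balances[msg.sender] >= amount, "insufficient");
        unchecked { balances[alt] -= amount; }
        // token transfer to msg.sender would follow
    }

    // Hardened: a zero-length lock is rejected.
    function lockTokens(uint256 duration) external {
        require(duration > 0, "lock duration must be positive");
        lockedUntil[msg.sender] = block.timestamp + duration;
    }

    // Hardened: the account that is checked, the account that is debited and the
    // caller are the same address; the recipient may differ, the debited account may not.
    // Checked arithmetic reverts on underflow, and the check makes the intent explicit.
    function withdrawTokensTo(address recipient, uint256 amount) external {
        require(recipient != address(0), "bad recipient");
        require(block.timestamp >= lockedUntil[msg.sender], "locked");
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;
        // token transfer to `recipient` would follow
    }
}
```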
Mitigation and Best Practices:
- Always validate your code by writing comprehensive test cases that cover every business-logic path, including boundary values.
- To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
- Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detections at SolidityScan

Conclusion:
SolidityScan is an advanced smart contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Sign up for a free trial at https://solidityscan.com/signup
Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord