MO Token Hack Analysis

By Shashank, published in SolidityScan, Mar 26, 2024

On March 14, 2024, MO suffered an attack caused by a business logic vulnerability, leading to an estimated loss of over 413K USDT.

Smart Contract Hack Overview:

Fig: Attack Transaction

Decoding the Smart Contract Vulnerability:

  1. The hacker repeatedly called “borrow” and “redeem”. The root cause lies in the “borrow” function, which moved MO tokens from the pair to a BURN address.
  2. After many “borrow” calls, the amount of MO tokens in the pair became very low, making it easy for the hacker to take all the MO tokens with just a small amount of MO.
  3. The “borrow” function also calculated the price of MO tokens from the amounts of MO tokens and USDT held in the pair, so repeated borrowing drove the price of MO up sharply.
  4. This allowed the hacker to borrow a large amount of USDT using only a small amount of MO tokens.

Fig: The root cause of the vulnerability

Fig: Attack Flow
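
The pricing flaw in steps 1 to 4, as an added Python model that is not the MO contract's code and not part of the original post. The reserves, the 10% burn per call, the burn-then-price order and all function names are constructed assumptions, and `borrow_reference_price` is one assumed alternative design rather than the project's fix. `borrow_moves_price` is the kind of invariant a business-logic test suite can assert.

```python
# Toy model with constructed numbers; not the MO contract's code or on-chain values.
from dataclasses import dataclass

@dataclass
class Pair:
    mo: float    # MO reserve held by the pair
    usdt: float  # USDT reserve held by the pair

    def spot_price(self) -> float:
        # USDT per MO, read straight from the pair's reserves
        return self.usdt / self.mo

def borrow_vulnerable(pair: Pair, collateral_mo: float, burn_fraction: float = 0.10) -> float:
    """Burn MO out of the pair, then value the collateral at the pair's spot price.
    The 10% burn and the burn-then-price order are assumptions of this model."""
    pair.mo -= pair.mo * burn_fraction        # pair -> BURN address
    return collateral_mo * pair.spot_price()  # USDT lent out

def borrow_reference_price(pair: Pair, collateral_mo: float, ref_price: float) -> float:
    """Assumed alternative design: the pair is untouched and the collateral is
    valued at a reference price that the borrow call itself cannot move."""
    return collateral_mo * ref_price

def price_drift(borrow_step, pair: Pair, rounds: int) -> float:
    """Spot price after `rounds` borrows divided by the spot price before them."""
    start = pair.spot_price()
    for _ in range(rounds):
        borrow_step(pair)
    return pair.spot_price() / start

def borrow_moves_price(borrow_step, pair: Pair, rounds: int = 20, tol: float = 0.01) -> bool:
    """Invariant for a test suite: borrowing must not shift the collateral price."""
    return abs(price_drift(borrow_step, pair, rounds) - 1.0) > tol

def new_pair() -> Pair:
    return Pair(mo=1_000_000.0, usdt=500_000.0)  # constructed reserves

if __name__ == "__main__":
    pair = new_pair()
    first = borrow_vulnerable(pair, 100.0)
    for _ in range(19):
        last = borrow_vulnerable(pair, 100.0)
    print(f"USDT lent for 100 MO: first call {first:.2f}, 20th call {last:.2f}")
    ref = new_pair().spot_price()
    print("vulnerable flagged:", borrow_moves_price(lambda p: borrow_vulnerable(p, 100.0), new_pair()))
    print("reference flagged:", borrow_moves_price(lambda p: borrow_reference_price(p, 100.0, ref), new_pair()))
```

In this model the same 100 MO of collateral is valued about eight times higher on the 20th call than on the first, which is the drift the invariant flags.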

Mitigation and Best Practices:

  • Always validate your code by writing comprehensive test cases that cover all the possible business logic.
  • To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
  • Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detections at SolidityScan
Fig: SolidityScan — Smart Contract Vulnerability Scanner

Conclusion:

SolidityScan is an advanced smart contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Sign up for a free trial at https://solidityscan.com/signup
