Omni Estate Group Hack Analysis — Missing Zero Duration Validation

Omni Estate Group Hack Analysis — Missing Zero Duration Validation

Overview:

• On January 17, 2023, Omni Estate Group was attacked on the BSC chain due to improper parameter validation on the reward calculation function on the staking contract which led to the loss of $70,000 stolen by the attackers.

Smart Contact Hack Overview:

• Attacker’s Address: 0x9bbd94,0xda5919b
• Attacker’s Contract: 0xdD87D
• OMNI’s Official Contract: 0x1d64327
• Vulnerable Contract Code: 0x26bc124
• Invest Transaction: 0x49bed80
• Withdraw Transaction: 0xa916674

Decoding the Smart Contract Vulnerability

• Due to a flaw in the reward calculation functionality of the staking contract, the attacker made a single Wei investment and immediately withdrew it in order to get a significant amount of ORT tokens. The attacker then performed the same actions more frequently to gain more ORT tokens.

• As can be seen from the _Check_reward () function below, the function expects two parameter’s “durations” and “balance” to calculate the reward. The logic of the function was written using various *if-else-if* scenarios depending on the duration value, which represented the total amount of time the token was staked on the ORT token staking contract.
• During the analysis, it became obvious that the _Check_reward() method lacked logic for duration == 0, which allowed all if-else conditions to be ignored and resulted in the return of total percent, which allowed the attacker to acquire more ORT tokens without staking for a long period of time.

• After the hack, the attacker converted all of the ORT tokens into their BNB equivalents via a pancake swap, earning 256 BNB in profit.

Mitigations and Best Practices:

• To avoid jeopardizing the integrity of the contract and other users’ cash, it is suggested to thoroughly verify user input for all combinations and access control tests.
• The contract must correctly handle any input-related errors and check all crucial logic.
• To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
• Scan your Solidity contracts against the latest common security vulnerabilities with 130+ patterns at SolidityScan

Conclusion:

SolidityScan is an advanced smart-contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord