VOW Hack Analysis

Overview:

On 13 August 2023, the USD rate setter function in the VOW project’s v$ contract was exploited, leading to the creation of nearly v$2 billion. The vulnerability was exposed while the team was testing the contract’s minting function; a bot exploited it with a single transaction, severely disrupting market conditions.

Smart Contract Hack Overview:

Fig: Attack Transaction

Decoding the Smart Contract Vulnerability:

  • The issue occurred during the testing phase of the USD rate setter function within the v$ contract.
  • The team adjusted the USD rate and then sent 1 million VOW tokens to the contract to verify functionality. This minted v$100 million, as expected.
  • However, within a 15–30 second window, a bot detected the rate change and sent 20 million VOW tokens to the contract.
  • Because the contract had no adequate safeguards, it minted an additional v$2 billion.
  • The bot then sold the newly created v$2 billion in the Uniswap pool, disrupting the market and causing significant price impact.

Mitigation and Best Practices:

  • To prevent such rapid exploitation, implement rate limiting and time lock mechanisms within your smart contracts, so that a parameter change cannot be acted on in the same moment it is made and the amount mintable in a given window is bounded.
  • Implement circuit breakers that allow you to pause or halt contract operations in the event of unexpected behavior or attacks.
  • Always validate your code by writing comprehensive test cases that cover all possible business logic, and test on a non-production network rather than against a live contract holding a live rate.
  • To prevent such vulnerabilities, have experienced smart contract auditors examine the contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Our public audit reports can be found at https://github.com/Credshields/audit-reports. Schedule a call at https://credshields.com/
  • Scan your Solidity contracts against the latest common security vulnerabilities with 225+ detections at SolidityScan.

Fig: SolidityScan — Smart Contract Vulnerability Scanner
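The unguarded pattern described in the vulnerability section above, beside a guarded version that applies the rate limiting, time lock and circuit breaker recommendations from the mitigation list. This is an added illustration, not the VOW v$ contract and not code from this post; the contract and function names, the 18-decimal units, and the delay, window and cap values are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IERC20 { function transferFrom(address, address, uint256) external returns (bool); }
// Unguarded shape (assumed, not the v$ contract): deposits convert at the live rate
// with no cap, no delay and no pause. 20M VOW at a rate of 100 mints 2B v$ in one call.
contract UnguardedMinter {
    IERC20 public immutable vow; address public owner; uint256 public usdRate; // v$ per VOW
    mapping(address => uint256) public balanceOf;
    constructor(IERC20 _vow) { vow = _vow; owner = msg.sender; }
    function setUsdRate(uint256 r) external { require(msg.sender == owner, "not owner"); usdRate = r; }
    function mint(uint256 vowAmount) external {
        balanceOf[msg.sender] += vowAmount * usdRate;            // unbounded
        require(vow.transferFrom(msg.sender, address(this), vowAmount), "transfer");
    }
}
// Guarded shape: rate changes queue behind a time lock, minting is capped per
// window (rate limit), and the owner can pause (circuit breaker). Values are assumed.
contract GuardedMinter {
    IERC20 public immutable vow; address public owner;
    uint256 public usdRate; uint256 public pendingRate; uint256 public pendingRateAt;
    uint256 public constant RATE_DELAY = 1 hours;          // assumed time lock
    uint256 public constant WINDOW = 1 hours;              // assumed rate-limit window
    uint256 public constant WINDOW_CAP = 200_000_000e18;   // assumed v$ cap per window
    uint256 public windowStart; uint256 public mintedInWindow; bool public paused;
    mapping(address => uint256) public balanceOf;
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    constructor(IERC20 _vow) { vow = _vow; owner = msg.sender; }
    function setPaused(bool p) external onlyOwner { paused = p; }   // circuit breaker
    function queueRate(uint256 r) external onlyOwner {              // step 1 of a rate change
        pendingRate = r; pendingRateAt = block.timestamp + RATE_DELAY;
    }
    function applyRate() external onlyOwner {                       // step 2, after the delay
        require(pendingRateAt != 0 && block.timestamp >= pendingRateAt, "time lock");
        usdRate = pendingRate; pendingRateAt = 0;
    }
    function mint(uint256 vowAmount) external {
        require(!paused, "paused");
        if (block.timestamp >= windowStart + WINDOW) { windowStart = block.timestamp; mintedInWindow = 0; }
        uint256 out = vowAmount * usdRate;
        require(mintedInWindow + out <= WINDOW_CAP, "window cap");  // rejects the 2B v$ mint
        mintedInWindow += out;                                      // state first, then external call
        balanceOf[msg.sender] += out;
        require(vow.transferFrom(msg.sender, address(this), vowAmount), "transfer");
    }
}
```

With the assumed cap, the team's 1 million VOW test mint (v$100 million) passes, while the 20 million VOW deposit in the same window reverts, and the queued rate would not have been live within the 15–30 second window at all.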

Conclusion:

SolidityScan is an advanced smart contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Sign up for a free trial at https://solidityscan.com/signup

Follow us on social media for Web3 security-related updates.

SolidityScan — LinkedIn | Twitter | Telegram | Discord