According to Numen's on-chain monitoring, on Jan-26-2023 07:10:47 AM +UTC the TINU Token on the Ethereum chain suffered a flash-loan attack, losing 22 ETH (worth about $35,000).
The attacker’s address: https://etherscan.io/address/0x14d8Ada7A0BA91f59Dc0Cb97C8F44F1d177c2195
The attacked contract: https://etherscan.io/address/0xDb2d869ac23715af204093e933f5EB57F2DC12a9, which has now self-destructed.
The attacker takes out a flash loan of ETH, wraps it to WETH, and swaps the WETH for TINU tokens in the Uniswap liquidity pool.
The attacker then calls deliver() on the TINU contract, which updates several of the token's internal accounting variables, and follows it with a call to skim() on the trading pair contract to withdraw the excess TINU tokens; calling deliver() again updates those same variables once more.
Finally, the attacker swaps the large amount of TINU obtained back to ETH and repays the flash loan, netting 22 ETH from the attack.
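To make concrete why the deliver()/skim() sequence above leaves excess tokens in the pair, the following Python model was added for this write-up; it is not TINU's code or Numen's, and it assumes TINU follows the common RFI-style reflection design in which deliver() reduces the reflected supply so every other holder's balance rises. The pair's balance then exceeds the reserve it recorded, and that surplus is exactly what skim() hands out. The model also shows the usual mitigation: excluding the pair from reflections keeps its balance pinned to its reserve.

```python
"""Constructed model of RFI-style reflection accounting (assumption, not
TINU's source). Shows the surplus skim() can withdraw from a liquidity pair
after a holder calls deliver(), with and without the pair excluded from
reflections."""

MAX_UINT = 2**256 - 1


class ReflectionToken:
    def __init__(self, deployer, t_total):
        self.t_total = t_total
        self.r_total = MAX_UINT - (MAX_UINT % t_total)   # divisible by t_total
        self.t_fee_total = 0
        self.r_owned = {deployer: self.r_total}          # reflected balances
        self.t_owned = {}                                # plain balances (excluded only)
        self.excluded = set()

    def _rate(self):
        # Excluded accounts are removed from both supplies, so reflections
        # are shared only among included holders (RFI getCurrentSupply()).
        r_supply, t_supply = self.r_total, self.t_total
        for a in self.excluded:
            r_supply -= self.r_owned.get(a, 0)
            t_supply -= self.t_owned.get(a, 0)
        if r_supply < self.r_total // self.t_total:
            return self.r_total // self.t_total
        return r_supply // t_supply

    def balance_of(self, a):
        if a in self.excluded:
            return self.t_owned.get(a, 0)
        return self.r_owned.get(a, 0) // self._rate()

    def exclude_from_reward(self, a):
        # Mitigation: snapshot the plain balance and stop reflecting to it.
        if a not in self.excluded:
            self.t_owned[a] = self.balance_of(a)
            self.excluded.add(a)

    def transfer(self, sender, to, t_amount):
        # Fee-free transfer; transfer fees do not affect the drift shown here.
        r_amount = t_amount * self._rate()
        assert self.r_owned.get(sender, 0) >= r_amount, "insufficient balance"
        self.r_owned[sender] -= r_amount
        self.r_owned[to] = self.r_owned.get(to, 0) + r_amount
        if sender in self.excluded:
            self.t_owned[sender] -= t_amount
        if to in self.excluded:
            self.t_owned[to] = self.t_owned.get(to, 0) + t_amount

    def deliver(self, sender, t_amount):
        # RFI deliver(): caller gives up t_amount; r_total shrinks, so the
        # rate falls and every included holder's balance (the pair's too) rises.
        assert sender not in self.excluded, "excluded addresses cannot deliver"
        r_amount = t_amount * self._rate()
        assert self.r_owned.get(sender, 0) >= r_amount, "insufficient balance"
        self.r_owned[sender] -= r_amount
        self.r_total -= r_amount
        self.t_fee_total += t_amount


def pair_surplus_after_deliver(exclude_pair):
    """balanceOf(pair) minus the reserve the pair recorded, after a holder
    calls deliver(). This difference is what skim() transfers to its caller.
    Addresses and amounts are constructed for the example."""
    token = ReflectionToken("deployer", 1_000_000)
    if exclude_pair:
        token.exclude_from_reward("pair")
    reserve = 100_000
    token.transfer("deployer", "pair", reserve)     # pair syncs reserve = 100_000
    token.transfer("deployer", "holder", 50_000)
    token.deliver("holder", 50_000)                 # holder burns reflections
    return token.balance_of("pair") - reserve


if __name__ == "__main__":
    print("surplus, pair included in reflections:", pair_surplus_after_deliver(False))
    print("surplus, pair excluded from reflections:", pair_surplus_after_deliver(True))
```

With the pair included in reflections, a single deliver() of 50,000 tokens by one holder lifts the pair's balance about 5,263 tokens above its reserve, which skim() will pay out; with the pair excluded the surplus is zero. For monitoring, the same quantity (balanceOf(pair) minus the pair's stored reserve) is the value to alert on after any deliver() call touching a listed pair.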
Recreating the Attack
The profit from our test reproduction matches the attacker's.
If you wish to audit and ensure that your projects are free from exploits such as these, please reach out to us here.
Numen Cyber Labs is committed to facilitating the safe development of Web 3.0. We are dedicated to the security of the blockchain ecosystem, as well as operating system and browser/mobile security. We regularly publish analyses on topics such as these; stay tuned, or visit our blog here for more!