Topic: The protocol logic is as important as the code (For flash loans attack in BSC)

The implementation of the BSC chain in 2021 pushed Decentralized Finance (DeFi) to another upsurge. The total lock-up value of DeFi protocols once hit 130 billion dollars. The entire currency circle is crazy, and various DeFi protocols have sprung up. But with the sharp drop in the price of Bitcoin and frequent security incidents, the lock-up volume of DeFi protocols has begun to show a downward trend.

In the early days, the fixed and lower transaction fees and the developer-friendly operating system provided by BSC attracted a number of DeFi protocols to migrate to the new chain. At the same time, it also attracted a group of challengers who positioned themselves as Uniswap AMMs. Of course, from the current situation, they are just simple forks.

On May 28th, BurgerSwap, the first autonomous governance AMM on the BSC chain, and the DEX protocol JulSwap were attacked with flash loans one after another. It is worth noting that the code of both BurgerSwap and JulSwap is forked from Uniswap, but it seems that they do not fully understand the logic behind Uniswap.

If you don’t fully understand the mathematics behind Uniswap, why imitate it? In order to quickly get the favor of capital? Or are you afraid of missing traffic from hotspots? We couldn't stop the imitation from happening, but we quickly saw the result: BurgerSwap lost $7 million, and $JULB fell more than 95% in a short time.

PeckShield security personnel quickly located the problem in BurgerSwap. The reason for the flash loan attack was that the attacker used a reentrancy attack to call the _update() function before the smart contract normally started the second deposit, and first exchanged 45,453 BURGER.

PeckShield briefly describes the attack process:
1. The attacker borrowed 6,047.13 WBNB as a flash loan from the PancakeSwap WBNB-BUSDT pool;
2. In BurgerSwap, call the function DemaxPlatform.swapExactTokensForTokens() to convert 6,029 WBNB to 92,677 BURGER;
3. Create a counterfeit BURGER-Fake LP on the BurgerSwap platform, and issue 100 counterfeit coins and 45,316.6 BURGER;
4. Exchange 100 counterfeit coins into 45,316.6 WBNB;
5. In this step, the attacker attacked the contract through a reentrancy attack and made another exchange, which was 45,453 BURGER to 4,478.6 WBNB.

The attacker obtained a total of 8,800 WBNB from the above two steps. Then, the attacker exchanged 493 WBNB for 108,700 BURGER in BurgerSwap and returned the flash loan to complete the attack.

"The good ones imitate, the great ones plagiarize."

For the current BurgerSwap and JulSwap, and even other Uniswap fork protocols, it is too early to talk about surpassing Uniswap.

The DeFi field is an important part of the development of the blockchain field, but it is currently in an era when DeFi protocols are over-issued. As time goes by, those DeFi protocols that focus on safety and care for their feathers can survive.
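
To make the point about protocol logic concrete, here is an added example (not part of the original post, and not BurgerSwap, JulSwap or Uniswap source code): a toy fee-free constant-product pool in which a nested swap() runs before _update(). It assumes the pool quotes from cached reserves and calls out to a token first; the Pool class, its flags and the 1000/1000 reserves are constructed for illustration. The reentrancy lock and the product (K) check mirror the two safeguards in Uniswap V2's pair contract.

```python
# Constructed toy model; not BurgerSwap, JulSwap or Uniswap source code.
class Reverted(Exception):
    pass

class Pool:
    def __init__(self, rx, ry, lock=False, k_check=False):
        self.rx, self.ry = rx, ry            # cached reserves used for pricing
        self.lock, self.k_check = lock, k_check
        self.entered = False

    def _update(self, dx, dy):
        self.rx, self.ry = self.rx + dx, self.ry - dy

    def swap(self, dx, token_hook=None):
        if self.lock and self.entered:
            raise Reverted("LOCKED")         # reentrancy guard
        self.entered = True
        start = (self.rx, self.ry)
        try:
            dy = self.ry * dx // (self.rx + dx)   # fee-free constant-product quote
            if token_hook:
                token_hook(self)             # external token call before _update()
            self._update(dx, dy)
            if self.k_check and self.rx * self.ry < start[0] * start[1]:
                self.rx, self.ry = start     # a revert undoes nested calls too
                raise Reverted("K")
            return dy
        finally:
            self.entered = False

def reentrant_swap(lock, k_check):
    """Swap 100 in while a (hypothetical) token re-enters swap() mid-call."""
    pool, got = Pool(1000, 1000, lock, k_check), []
    try:
        got.append(pool.swap(100, lambda p: got.append(p.swap(100))))
        return sum(got), pool.rx * pool.ry
    except Reverted as err:
        return str(err), pool.rx * pool.ry

def sequential_swaps():
    """Baseline: the same two swaps, each priced after the previous update."""
    pool = Pool(1000, 1000)
    return pool.swap(100) + pool.swap(100), pool.rx * pool.ry

if __name__ == "__main__":
    print("sequential:", sequential_swaps())
    print("no guard:  ", reentrant_swap(False, False))
    print("lock:      ", reentrant_swap(True, False))
    print("K check:   ", reentrant_swap(False, True))
```

Without either safeguard, both swaps are priced against the same stale reserves and the reserve product falls below its starting value; with the lock or the K check the call reverts and the reserves are unchanged.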