Published in


Feminist Metaverse attack analysis

0x01 Event background

On May 18, the Feminist Metaverse smart contract on the Binance chain was attacked by a smart contract. Lost funds worth more than $550,000.

0x02 Attacker Information

Attacker wallet:0xaaA1634D669dd8aa275BAD6FdF19c7E3B2f1eF50

Attacker contract:0x0b8d752252694623766dfb161e1944f233bca10f

Attacker trancation:0xecde3c3742615852abdbd6ec5d75ae982b5c29f810e140e5cd822667d6f7b848

FmToken contract:0x843528746F073638C9e18253ee6078613C0df0f1

0x03 Attack Analysis

By analyzing the attacker’s transactions on the BNB Chain, the attacker’s main transaction process is as follows:

  1. The attacker deploys the attack contract;

2. The attack wallet sends 10 FMs to the attack contract to prepare for subsequent calls;

3. The attacker authorizes the maximum FM funds in his wallet to the PancakeSwap.Router v2 contract to facilitate subsequent token exchange;

4. The attacker officially starts to call the attack contract to attack. The attack contract calls Fmtoken.transfer to transfer the funds to the attacker’s wallet, and then withdraws a large number of FM tokens from SakeSwapPair.skim;

5. Convert the acquired FM tokens to USD and BNB.

Attacking the transaction is mainly the fourth step

The transaction flow chart in the above figure, and the transaction details in the figure below.

There are only two operations in the above transaction details: The first is that the attacker contract calls the transfer method in the Fmtoken contract to transfer FM tokens to the attacker’s wallet, each time transmitting 0.00000000000001 FM, a total of 500 transfers; The second is that the attacker’s wallet address calls the skim method in the SakeSwapPair contract to transfer 75.93 million FM to himself.

By analyzing all transactions, the attacker conducted a total of 16 successful attack transactions, 8,000 times calling the transfer method in the Fmtoken contract to transfer funds, and transferring more than 1.1 billion FM from the skim method.

0x04 Vulnerability Details

Through the above process analysis, it can be found that the main operation of the attacker’s successful profit is that the attacker contract calls the transfer method in the Fmtoken contract to transfer the FM token to the attacker’s wallet, and then obtains a large amount of funds.

For viewing the data, the key data will be displayed here

From above figure, it is clear that the attacker finally transfers the funds through the _transfer method.

Since the numTokensSellToAddToLiquidity and swapAndLiquifyEnabled variables have been determined, among the three conditions of the if condition of the _transfer method, swapAndLiquifyEnabled has been satisfied. Since the attacker calls the from != uniswapV2Pair condition, the contract address funds are not less than the value of the numTokensSellToAddToLiquidity variable. , which can satisfy the condition, so the attacker can perform the operation of updating the uniswapV2Pair address balance and address(this).

Since the funds here are added to uniswapV2Pair, the funds are not transferred by adding liquidity, but directly added to uniswapV2Pair. When the attacker performs multiple transfers, that is, the attacker transfers the funds of the contract to uniswapV2Pair multiple times.

use the skim method, which anyone can call to transfer additional assets in the contract.

The attacker calls the skim method in the SakeSwapPair contract to transfer the funds and makes a profit.

0x05 Source and destination of funds

The source of the attacker’s funds all came from the Tornado.Cash platform, and the amount was 1 BNB. At present, the attacker’s profit has been fully converted into 1838.3 BNB and transferred to the Tornado.Cash platform.

0x06 summarize

According to this attack, the Fmtoken._transfer method did not properly operate the funds added to the SakeSwapPair contract, so that the attacker can transfer the original funds in the contract to the SakeSwapPair contract through multiple times transfers in one transaction. Thereby the funds are withdrawn through the skim method.

0x07 Security advice

  • Strictly checks should be carried out on the contract fund transfer logic;
  • Before the smart contract goes online, a complete and detailed test should be carried out to ensure that the contract logic is correct.
  • A comprehensive security audit should be conducted before smart contracts go live

Join Coinmonks Telegram Channel and Youtube Channel learn about crypto trading and investing

Also, Read



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.