Neptune Mutual
Published in

Neptune Mutual

Decoding Sheep Farm Smart Contract Hack

TL;DR

On November 15, 2022, the Sheep Farm project was attacked by a hacker, resulting in the loss of approximately 262 $BNB tokens worth about $72,000.

Introduction to Sheep Farm

Sheep Farm is an investment blockchain game on the BNB chain.

Vulnerability Assessment

The root cause of the attack is a vulnerability in one of the SheepFarm contract’s functions, which could be called repeatedly to increase the caller’s gems and, with them, the yield.

Steps

1. We investigated one of the attack transactions carried out by the hacker.

2. The vulnerability existed in the register function of the SheepFarm contract.

3. This function checks a user’s timestamp to verify whether they are a new user.

4. However, it does not update the timestamp after the user registration is completed, so the check passes again on every subsequent call.

5. The attacker invoked this function multiple times to increase their own gems balance.

6. They used the upgradeVillage function to accumulate yield while consuming the gems.

7. The sellVillage function of the contract was called to convert the yield to money.

8. Finally, they converted the funds into $BNB tokens and withdrew them using the withdrawMoney function.
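The register() flaw described in the steps above, modelled as an added illustration with the vulnerable pattern beside a fixed version. This is not the SheepFarm source: the Player struct, the 100-gem sign-up bonus and the contract names are assumptions used only to show the missing state update.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed model of the flaw: a "new user" check that reads a field
// the function never writes.
contract VulnerableFarm {
    struct Player {
        uint256 timestamp; // intended to mark the first registration
        uint256 gems;
    }
    mapping(address => Player) public player;

    // BUG: the require() relies on `timestamp`, but nothing here sets it,
    // so the same caller passes the "new user" check on every call and
    // collects the sign-up gems (assumed to be 100) repeatedly.
    function register() external {
        require(player[msg.sender].timestamp == 0, "already registered");
        player[msg.sender].gems += 100;
    }
}

// Fixed version: the state the check depends on is written in the same
// transaction as the check, so a second call from the same address reverts.
contract FixedFarm {
    struct Player {
        uint256 timestamp;
        uint256 gems;
    }
    mapping(address => Player) public player;

    function register() external {
        Player storage p = player[msg.sender];
        require(p.timestamp == 0, "already registered");
        p.timestamp = block.timestamp; // record registration before crediting
        p.gems += 100;
    }
}
```

A unit test that calls register() twice from one account and expects the second call to revert would have caught the vulnerable version before deployment.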

Aftermath

Following the incident, the team put their platform into maintenance mode.

How to prevent such an attack vector

This exploit could have been prevented if proper validation had been in place, in this case ensuring that the registration state checked by the function is also updated by it, and that all potential attack surfaces had been fully addressed. It is essential that the project team conduct rigorous audits with multiple blockchain security firms to prevent such occurrences.

Protocol and Platform Security

Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.

Reference source
BlockSec

About Us

The Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance. It has an easy and reliable on-chain claim process. This means that when incidents are confirmed by our community, resolution is fast.

Join us in our mission to cover, protect, and secure on-chain digital assets.

Official Website: https://neptunemutual.com
Blog: https://blog.neptunemutual.com/
Twitter: https://twitter.com/neptunemutual
Reddit: https://www.reddit.com/r/NeptuneMutual
Telegram: https://t.me/neptunemutual
Discord: https://discord.gg/2qMGTtJtnW
YouTube: https://www.youtube.com/c/NeptuneMutual
LinkedIn: https://www.linkedin.com/company/neptune-mutual
