Decoding Ragnarok Online Invasion $44,222 Exploit | QuillAudits
On 8 September 2022, Ragnarok Online Invasion ($ROI) was attacked. The root cause was a classic access control flaw: the contract's ownership transfer function could be called by anyone. Around 158 BNB (44,222.5 BUSD) was stolen by the hackers in this attack.
Introduction to Ragnarok Online Invasion:
Ragnarok Online Invasion ($ROI) is a cryptocurrency deployed on Binance Smart Chain (BSC, BEP-20). It is a token created to represent the GameFi/NFT video game "Ragnarok Online".
Vulnerability Analysis & Impact:
The cause of this attack was a simple access control issue: anyone could transfer ownership of the contract. The transferOwnership function had no access control, such as an onlyOwner or onlyAdmin modifier, to stop arbitrary callers from invoking it. See the code below.
1. First, the attacker called the unprotected transferOwnership function and transferred ownership of the contract to the 0x158af3d23d96e3104bcc65b76d1a6f53d0f74ed0 contract.
2. Next, the attacker swapped $ROI tokens for $BUSD, and then swapped $BUSD for $BNB.
3. Finally, the attacker called the withdrawal function and withdrew around 162.5 $BNB, worth around $47,384.
After the Exploit:
As a result of the attack, the price of the $ROI token fell by almost 99%. At the time of writing, the $ROI token trades at $0.0012, and its liquidity dropped from $49.6K to $5.5K. See here for more details.
Status of Stolen Funds:
All the stolen funds remain in the hacker's address. See here for transaction details.
How could they have prevented the Exploit?
This attack could have been prevented with proper access control. Although the project did have an onlyOwner modifier (see here) in the contract, it was not applied to the transferOwnership function, which led to this attack. Adding the onlyOwner modifier to transferOwnership would have prevented it. See the snippets below:
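The following is an added illustration, not the $ROI source: a minimal ownable contract with the same defect class, beside a hardened version. Beyond the onlyOwner guard the post calls for, the fixed form also rejects the zero address and uses a two-step handover (the OpenZeppelin Ownable2Step pattern) so a mistyped address cannot strand ownership; contract and function names are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Illustrative minimal ownable contract with the defect class described above.
// Not the $ROI source; names and layout are assumed.
contract OwnableVulnerable {
    address public owner;
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    modifier onlyOwner() { require(msg.sender == owner, "caller is not the owner"); _; }

    constructor() { owner = msg.sender; }

    // DEFECT: no onlyOwner guard, so any account can make itself the owner...
    function transferOwnership(address newOwner) external {
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }

    // ...and then pass this check and drain the contract's balance.
    function withdraw() external onlyOwner {
        payable(owner).transfer(address(this).balance);
    }
}

// Hardened form: the transfer is guarded by onlyOwner, rejects the zero
// address, and only completes when the proposed owner accepts it.
// withdraw() is unchanged from above and omitted for brevity.
contract OwnableFixed {
    address public owner;
    address public pendingOwner;
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    modifier onlyOwner() { require(msg.sender == owner, "caller is not the owner"); _; }

    constructor() { owner = msg.sender; }

    // Only the current owner may propose a successor.
    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "new owner is the zero address");
        pendingOwner = newOwner;
    }

    // Ownership moves only when the proposed successor claims it.
    function acceptOwnership() external {
        require(msg.sender == pendingOwner, "caller is not the pending owner");
        emit OwnershipTransferred(owner, pendingOwner);
        owner = pendingOwner;
        pendingOwner = address(0);
    }
}
```

A unit test that calls transferOwnership from a non-owner account and expects a revert is the quickest regression check for this class of bug.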
Why QuillAudits For Web3 Security?
QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions saving the loss of millions in funds.