WardenSwap Incident Report
This is the statement regarding the incident that happened on Apr-11–2021 04:46:22 AM +UTC. Explore the transaction right here.
What happened?
Incident: the user reported that he has lost his own $22,797 while trading on our platform
Source Token Amount: 335,537,240.395908306383453246 BIDR ($22,797)
Received Token Amount: 0.000159951208588656 LINK ($0.01)
Incident explanation
The user swapped 335,537,240.395908306383453246 BIDR ($22,797) via our platform and received 0.000159951208588656 LINK ($0.01). After two days of investigation, we found that the incident was caused by one of the input component’s features of our web front-end.
Therefore, we have contacted the user and we will fully compensate for his lost fund in WAD tokens. Furthermore, we would temporarily disable the input feature that caused the incident for improvement.
We guarantee that our best rate query engine and our swap smart contract still function properly. This incident was caused by the input feature in question.
Full analysis
Upon receiving the contact from the user, we started to investigate this incident. We inspected the transaction and found that our swap smart contract routed the user’s fund to the following two low liquidity pools.
- Route #1: submitting 33,553,724.039590836 BIDR to WBNB-BIDR PancakeSwap LP (route no. 5) and received 0.000001385898748001 WBNB
- Route #2: submitting 301,983,516.356317475745107921 BIDR to BUSD-BIDR WardenSwap LP (route no. 18) and received 0.004542056204155503 BUSD
Figure 1 shows a snippet of our splitTwoRoutes function. This function takes source token address, destination token address, source amount, an array of route numbers, and percent step as inputs. Technically, the function would split the user’s source tokens into two routes, per the inputted route numbers, to swap the source tokens to the destination tokens.
From our investigation, the splitTwoRoutes function performed according to the inputted parameters perfectly. In fact, we design this function using a failsafe pattern. The function will always perform an atomic transaction according to the inputted parameters and cannot be partially failed. Hence, we can confirm that our swap smart contract executed the transaction correctly.
Since then, we found a clue that the inputted parameters were incorrect. We then started to examine our best rate query engine and our web front-end. To achieve this, we had to synchronize a full archive BSC node and simulate the incident by replaying the transaction.
Finally, we found that our best rate query engine functioned correctly 💪 and we can conclude that the incident was caused by one of the input component’s features of our web front-end.
After the simulation of the incident, we can successfully reproduce the screenshot similar to the one reported by the user as shown in Figure 2. The root cause of this incident is the 2nd input component (i.e., the receive input text box). Now, we temporarily disable this feature for improvement.
Our compensation to the user
After the investigation, we can reproduce the incident and found that the evidence reported by the user is true. We have contacted the user and we will fully compensate for his lost fund in WAD tokens. Other than that, we deeply apologize to the user for our long investigation and our rejection of the report at the early stage. 🙇
What’s next?
To ensure the users who are using our platform, we always strive to improve our platform for better user benefits 🤝. We are preparing for bug bounty programs to make sure that our platform will continue to enhance its security as well as its best price offering.
