PancakeSwap has an exploit that allows stealing tens of thousands of dollars of liquidity.

tldr

  • source-code of Uniswap v2 dex allows the possibility of stealing funds which directly sent to the pool contracts before calls of sync function
  • we found an exploiter who steals tens of thousands of dollars from PancakeSwap (clone of uniswap on binance smartchain) and currently active for 3 weeks
  • in this article, we show details on the exploit and how it’s possible to void it, Sers

intro

Recent news about a Uniswap/SushiSwap clone on a binance smart chain called Uranium (link) for 55M highlighted a question: what other DEX clones are possessing a danger for users?

migrator (link)
  1. cashout all liquidity from uniswap which this token entitled to
  2. deposit this liquidity to sushiSwap dex,
  3. and give this new LP token from sushiSwap instead of stacked uniswap LP.
  • if the owner acts in the best interest of the user — migrator converts Lp tokens, steals liquidity from the original source and deposits this liquidity in a new pool, and changes lp token for the farming contract.
  • What’s the point of defi, where the owner can steal all money just as on CEX but with fewer consequences is another point.

exploit

So while checking the contacts of pankeswap we found something else interesting.

  • send LP tokens and get liquidity back in form or A+B tokens
  • stakes token A+B — to get LP token
$11200 from nowhere (link)
  • $6600 stolen(link)
  • and many more
  1. I want to swap 5 tokens to BNB,
  2. I call routerSwap
  3. routerSwap takes 5 tokenX from my wallet and calls low-level swap function
  4. this low level swap function works not with real erc20 balances but with “virtual” reserve balances (line 458)
  5. now difference between real erc20 and reserve is 5 of tokenX (line 473–474)
  6. logic calc how much BNB should I get based on 5 tokenX
  7. sends me right amount of BNB tokens
  1. An attacker wants to steal 5 tokens worth of BNB,
  2. Attacker calls low level swap function from with own fakeRouterSwap
  3. fakeRouterSwap doesn’t withdraw anything and calls low level swap function
  4. inside swap before 469 there’s no logit on taking away my tokenX
  5. 469 real balance didn’t increase
  6. 475 — require amountIn > 0 — it compare real balance with reserve
  7. difference between real erc20 and reserve is already 5
  8. logic calc how much BNB should I get based on 5 tokenX
  9. sends 5 tokenX worth BNB tokens to the attacker

steps to avoid

At the time of wiring this article an attack is still active. It’s ongoing continuous attack happens every hour for the last 21 days. The attacker likely has a script which automatically tracks funds transfer to the pool and immediately executes the attack.

  • if you donate a token to the pool — simple call sync after sending funds. make swaps after it.

credit

authors: Alex Lebed (twitter), Rostyslav Bortman (twitter)

Developer and entrepreneur. ex Amazon, Facebook, Genotek. Math degree in logic and algorithms. Stablecoins|privacy|singularity