Binance Smart Chain
Logic error, Reward distribution
Zeed is an autonomous decentralized financial integrated ecosystem built by community users all over the world. Relying on the powerful application technology at the bottom of blockchain and the rich product functions of the community, Zeed, in conjunction with FAR NFT Ecology and HALO Network, can quickly complete intelligent contracts related to cross-chain bridge, SWAP, stable currency, NFT and financial derivatives.
The Zeed community was exploited through a vulnerability in its reward distribution, which allowed the attacker to reward him/herself $1M from the protocol. However, the attacker forgot to transfer out the stolen funds before self-destructing the attack contract, so the exploit netted the attacker a negative return ($44) due to gas fees. The stolen funds are permanently stuck in the attack contract.
According to BlockSec, when a user swaps in the pair, the token rewards the pair by dividing the reward among three different pairs. However, the project has a vulnerability that distributes the rewards without dividing them among the three pairs.
Because these pairs receive the tokens, the attacker can obtain them by invoking the pair's skim function.
Interestingly, the attacker did not transfer the obtained tokens out before self-destructing the attack contract.
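The accounting flaw described above, modelled as an added example (not code from Zeed, BlockSec or this database) with a conservation check a token's test suite could run. It assumes Uniswap-V2-style pairs where `skim` pays out `balance - reserve`, and reads "without dividing" as each of the three pairs being credited the full reward; the names `Pair`, `distribute_buggy`, `distribute_fixed` and `audit` and all amounts are constructed.

```python
from dataclasses import dataclass

@dataclass
class Pair:
    """Assumed Uniswap-V2-style pair: reserve is the last synced amount,
    balance is what the token contract records for the pair's address."""
    reserve: int
    balance: int

    def skimmable(self) -> int:
        # skim() pays balance - reserve to whoever calls it
        return self.balance - self.reserve

def distribute_buggy(pairs, reward):
    # Assumed reading of the flaw: each pair is credited the full reward
    for p in pairs:
        p.balance += reward

def distribute_fixed(pairs, reward):
    # Split the reward; the first pair takes the integer-division remainder
    share, rem = divmod(reward, len(pairs))
    for i, p in enumerate(pairs):
        p.balance += share + (rem if i == 0 else 0)

def audit(distribute, reward=1_000):
    """Run one distribution over three constructed pairs and check that the
    tokens credited equal the reward that was supposed to be paid."""
    pairs = [Pair(reserve=50_000, balance=50_000) for _ in range(3)]
    before = sum(p.balance for p in pairs)
    distribute(pairs, reward)
    credited = sum(p.balance for p in pairs) - before
    return {
        "credited": credited,
        "unbacked": credited - reward,   # nonzero means the invariant broke
        "skimmable": sum(p.skimmable() for p in pairs),
    }

if __name__ == "__main__":
    for fn in (distribute_buggy, distribute_fixed):
        print(fn.__name__, audit(fn))
```

In this model even the corrected split sits above each pair's reserve until the pair syncs, so the property to assert on the token side is `unbacked == 0`.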
DISCLAIMER: While Zero Friction LLC has used its best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.