Hdr_About.jpg

Detail Analysis

link.png

Date:

Status:

Count:

Contributor:

April 21, 2022

info.png

Verified

1

zerofriction.io

Loss Amount:

1,000,000

info.png

Recovered Amount:

-

Currency:

Dollars, YEED

KYC By:

Audit By:

None

None

info.png

Website:

Twitter:

Discord:

No data

Telegram:

Medium:

No data

Github:

No data

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Binance Smart Chain

Platform

Dexes

Contract Vulnerabilities

Extended Method:

Logic error, Reward distribution

Data Sources:

info.png

Zeed is an autonomous decentralized financial integrated ecosystem built by community users all over the world. Relying on the powerful application technology at the bottom of blockchain and the rich product functions of the community, Zeed, in conjunction with FAR NFT Ecology and HALO Network, can quickly complete intelligent contracts related to cross-chain bridge, SWAP, stable currency, NFT and financial derivatives.

Zeed community was exploited its reward distribution vulnerability allowing the attacker to reward him/herself $1M from the protocol. However the attacker forgot to transfer out the stolen funds before self-destructed the attack contract, thus the exploit nettted the attacker a negative return ($44) due to gas fees. The stolen fund is permanently stuck in the attack contract.

According to BlockSec, when a user swapped in the pair, the token will reward the pair, by dividing the reward into three different pairs. However, the project has a vulnerability that distributes the rewards without dividing into three pairs.

Since these pairs get tokens, then the attacker can get the tokens by invoking the skim function of the pair.

Interestingly, the attacker does not transfer the obtained tokens out before self-destructing the attack contract.

info.png

DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.