Bogged Finance Incident: Root Cause Analysis

Starting at May-22-2021 02:47:06 PM +UTC, Bogged Finance was exploited to inflate the BOG balance, which was immediately sold for a gain of about $3.6M. The incident was due to a bug that allows the attacker to increase the balance via self-transfer. While it appears to be a flashloan attack, it is actually a flashswap-assisted one. In the following, we elaborate on the technical details.



The Hack Walk-through

We started the analysis from the transaction behind the hack: a986…2710. The hack was initiated from the attacker address (located at 0x4622) and works as follows:

  • Step 1: Take nine flash-swaps and add liquidity into the WBNB+BOG pool. Each flash-swap leads to 47,770 BOG and the entire process consumes 88,159.43 WBNB with 83,440.57 LP tokens minted.
  • Step 2: Stake the minted 83,440.57 WBNB+BOG LP tokens into the BOG token contract for profit sharing.
  • Step 3: Perform 434 self-transfers with a total transfer amount of 18.74M BOG, resulting in an increased balance of 151K BOG.
  • Step 4: Sell the extra BOG to WBNB, and then to anyETH.
  • Step 5: Remove the added liquidity in Step 1 and complete the flash-swaps.
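The self-transfer pattern in Step 3 can be caught with a conservation check over decoded Transfer events. The following is an added monitoring example, not code from Bogged Finance or from the original analysis. The record layout, the function name and the sample values are constructed, and it assumes every legitimate credit to a holder appears as a transfer from another address.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data: (tx, sender, recipient, amount) and balance snapshots.
SAMPLE_TRANSFERS = [
    ("0xtx1", "0xA", "0xA", "1000"), ("0xtx1", "0xA", "0xA", "1000"),
    ("0xtx1", "0xA", "0xA", "1000"), ("0xtx1", "0xB", "0xA", "500"),
    ("0xtx2", "0xC", "0xC", "1000"),  # benign self-transfer, fee charged
]
SAMPLE_BALANCES = {  # (tx, address) -> (balance_before, balance_after)
    ("0xtx1", "0xA"): ("2000", "2524"),
    ("0xtx2", "0xC"): ("1000", "990"),
}

def find_inflating_self_transfers(transfers, balances):
    """Flag holders whose balance rose by more than external flows explain.

    A transfer can only move or burn tokens, so for every holder
    actual_delta <= inflow_from_others - outflow_to_others must hold.
    Fees make the left side smaller, never larger.
    """
    expected = defaultdict(Decimal)     # net flow with other addresses
    self_count = defaultdict(int)       # number of self-transfers
    self_volume = defaultdict(Decimal)  # total amount self-transferred
    for tx, sender, recipient, amount in transfers:
        amount = Decimal(amount)
        if sender == recipient:
            self_count[(tx, sender)] += 1
            self_volume[(tx, sender)] += amount
        else:
            expected[(tx, sender)] -= amount
            expected[(tx, recipient)] += amount
    findings = []
    for key, count in self_count.items():
        if key not in balances:
            continue  # no snapshot for this holder, cannot judge
        before, after = (Decimal(b) for b in balances[key])
        unexplained = (after - before) - expected[key]
        if unexplained > 0:  # invariant violated: tokens appeared from nowhere
            findings.append({"tx": key[0], "address": key[1],
                             "self_transfers": count,
                             "self_volume": self_volume[key],
                             "unexplained_gain": unexplained})
    return findings

if __name__ == "__main__":
    for finding in find_inflating_self_transfers(SAMPLE_TRANSFERS, SAMPLE_BALANCES):
        print(finding)
```

The same inequality works as a unit-test invariant for a token contract: a self-transfer of any amount must leave the sender's balance equal or lower.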

The Stolen Funds

