Eleven Finance Incident: Root Cause Analysis



The Hack Walk-through

  • Step1: Borrow a flashloan from PancakeSwap with 953,869.62 BUSD, which is returned at the last step with necessary fee to cover the flashloan cost.
  • Step 2: Swap 340,631.23 BUSD for 474,378.75 NRV via PancakeRouter.
  • Step 3: Add liquidity with 474,378.75 NRV and 366,962.02 USDT into NRV+BUSDT pool via PancakeRouter and mint in return 411,515.29 Pancake LP tokens.
  • Step 4: Deposit 411,515.29 Pancake LP tokens into Eleven Finance via ElevenNeverSellVault and obtain 411,515.29 11 nrvBUSD LP tokens.
  • Step 5: Call emergencyburn() to withdraw 411,515.29 Pancake LP tokens without burning any 11 nvrBUSD LP token. The attacker then calls withdrawAll() to get extra 411,515.29 Pancake LP tokens with the related 11 nvrBUSD LP tokens burned.

The Stolen Funds

About Us




A Blockchain Security Company (https://peckshield.com)

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Is Online Banking Safe

Float Protocol: BANK distribution- whitelist expansion

Is a vendor/technology lock-in a security risk?

Risk management is required when you have a vendor and/or technology lock-in.

Benefits of Managed Dedicated Server

Benefits of Managed Dedicated Server — Techbrace

Who I am, and how I got here

Discord Predators

Discord Predators

Apple Wallet Can be Used in TSA Checkpoints by February

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


A Blockchain Security Company (https://peckshield.com)

More from Medium

Takeshi’s Tales Part 1 — Finding P2E and Breeding like a Madman

The 2022 OPM Market Update — Part 3


Community Spotlight Series — Janice Wong