SlowMist: Analysis of Paid Network’s Hacked Event

The Ethereum DApp project Paid Network was under attack. The attacker minted nearly 160 million U.S. dollars in PAID tokens through contract vulnerabilities and made a profit of 2,000 ETH (about 3 million U.S. dollars). The SlowMist Security Team followed up and analyzed it at the first time, and now we will analyze the details for your reference.

Attack details analysis

The above is the call flow details of the entire attack process.

It can be seen that the entire attack process is very simple. The attacker ends the entire attack process by calling the function with the function signature (0x40c10f19) in the proxy contract. Since the signature of this function is unknown, we need to check what function the signature of this function corresponds to.

By consulting this function signature, we found that this signature corresponds to the mint function. In other words, the attacker ends the attack process after directly calling the mint function. So here, we seem to be able to conclude that the mint function is not authenticated and leads to a loophole in arbitrary coin minting. Through Etherscan’s analysis of the token transfer process, it seems that this conjecture can also be supported.

But is this really the case?

In order to verify the idea of unauthenticated arbitrary minting, we need to analyze the specific logic of the contract. Since Paid Network uses a contract upgradeable model, we need to analyze the specific logical contract (0xb8…9c7). But when we checked on Etherscan, we found that the logic contract was not open source.

In order to find out, we can only use decompilation to decode the logic of the contract. Through Etherscan’s built-in decompilation tool, you can directly decompile contracts that are not open source. After decompilation, we discovered an amazing fact:

Through decompilation, we found that the mint function of the contract is authenticated, and this address is the address of the attacker (0x187…65be). So why is a function with authentication stolen? Since the contract is not open source, it is impossible to view more specific logic, and can only be analyzed based on the existing situation. Our analysis may be that the private key of the address (0x187…65be) was stolen, or other reasons caused the attacker to directly call the mint function for arbitrary coin minting.


Although the attack process was simple, after detailed analysis, there were amazing discoveries. At the same time, this attack once again sounded the alarm on the issue of excessive authority. If the authentication given by the mint function this time is a multi-signature address or uses other methods to distribute permissions, then this attack will not occur.

Reference link:

Attack transaction:

About us

SlowMist Technology is a company focused on blockchain ecosystem security. It has served many top or well-known projects around the world through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions” and has nearly a thousand commercial customers. SlowMist’s security solutions include security audit, threat intelligence (BTI), bug bounty, defense deployment, security consultant, and other services. SlowMist is equipped with cryptocurrency anti-money laundering (AML), false top-up scanner, vulnerability scanner, and vulnerability monitoring (Vulpush), hacked project archives (SlowMist Hacked), smart contract firewall (FireWall.X), Safe Staking and other SAAS security products. It has been widely concerned and recognized by the industry.

Focuses on Blockchain Ecosystem Security, has served Huobi/OKEx/Binance/imToken, nearly a thousand commercial customers in total.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store