SlowMist: Analysis of Uranium Finance’s Hacked Event

According to SlowMist Zone, Uranium, a DeFi project on the Binance Smart Chain, was “hacked” with a loss of 50 million U.S. dollars. The SlowMist security team immediately began analyzing the incident and shares its findings here for reference as a short bulletin:

Attack analysis

The problem lies in the pair contract of the Uranium project. The swap function of the contract follows the logic of PancakeSwap and allows users to borrow funds through flash loans. However, when the function checks the contract balance against the constant product formula, it handles precision incorrectly, so the balance the contract ends up calculating is 100 times larger than its actual balance. As a result, an attacker who borrows through a flash loan only needs to return 1% of the loan amount to pass the check and can steal the remaining 99% of the balance, causing the project’s losses.
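The check described above can be modelled with plain integers to show why a scaling mismatch weakens it. This is an added example, not code from SlowMist or from the Uranium contract; the scale factors, fee units and pool state are constructed assumptions chosen to reproduce the 100x discrepancy, and all function names are hypothetical.

```python
from fractions import Fraction

def k_check(reserves, balances, amounts_in, balance_scale, reserve_scale, fee):
    """Post-swap invariant check of a constant-product pair, in integers.

    Each post-swap balance is multiplied by balance_scale and reduced by the
    fee on the input amount; the product of the two must not fall below the
    pre-swap reserve product multiplied by reserve_scale squared.
    """
    adj0 = balances[0] * balance_scale - amounts_in[0] * fee
    adj1 = balances[1] * balance_scale - amounts_in[1] * fee
    return adj0 * adj1 >= reserves[0] * reserves[1] * reserve_scale ** 2

def enforced_fraction_of_k(balance_scale, reserve_scale):
    """Fraction of the original product k the check really demands (fees aside)."""
    return Fraction(reserve_scale, balance_scale) ** 2

# Constructed constants (assumptions, not taken from the article).
CONSISTENT = dict(balance_scale=1000, reserve_scale=1000, fee=3)
MISMATCHED = dict(balance_scale=10000, reserve_scale=1000, fee=30)
RESERVES = (1_000_000, 1_000_000)  # constructed pool state

def fair_swap():
    """Pay 1000 of token1 in and take the 0.3%-fee constant-product output."""
    amount_in = 1000
    out = amount_in * 997 * RESERVES[0] // (RESERVES[1] * 1000 + amount_in * 997)
    return (RESERVES[0] - out, RESERVES[1] + amount_in), (0, amount_in)

def underpaid_swap():
    """Balances after 90% of token0 has left the pair and nothing was paid in."""
    return (RESERVES[0] // 10, RESERVES[1]), (0, 0)

def evaluate(params):
    """Run both cases through the check; True means the check accepts the state."""
    cases = (("fair", fair_swap), ("underpaid", underpaid_swap))
    return {name: k_check(RESERVES, *case(), **params) for name, case in cases}

if __name__ == "__main__":
    print("consistent scales:", evaluate(CONSISTENT))
    print("mismatched scales:", evaluate(MISMATCHED))
    print("fraction of k enforced:", enforced_fraction_of_k(10000, 1000))
```

A unit test that feeds an underpaid state to the invariant check and expects rejection would catch this class of error before deployment.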

Summary

Uranium has since issued an official statement confirming the theft and recommends that users contact the team to calculate their losses. The SlowMist security team recommends that users pay attention to risk when participating in DeFi projects, participate cautiously, and choose reliable projects that have undergone security audits, in order to avoid financial losses.

Reference link:

https://bscscan.com/tx/0x5a504fe72ef7fc76dfeb4d979e533af4e23fe37e90b5516186d5787893c37991

About us

SlowMist Technology is a company focused on blockchain ecosystem security. It has served many top or well-known projects around the world through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions” and has nearly a thousand commercial customers. SlowMist’s security solutions include security audits, threat intelligence (BTI), bug bounty, defense deployment, security consulting, and other services. SlowMist also offers SaaS security products, including cryptocurrency anti-money laundering (AML), a false top-up scanner, a vulnerability scanner, vulnerability monitoring (Vulpush), hacked project archives (SlowMist Hacked), a smart contract firewall (FireWall.X), and Safe Staking. It is widely followed and recognized by the industry.

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
