SlowMist: Analysis of Uranium Finance’s Hacked Event
According to news from the SlowMist Zone, the DeFi project Uranium on the Binance Smart Chain was "hacked", with a loss of 50 million U.S. dollars. The SlowMist security team immediately stepped in to analyze the incident and shares the results below, in the form of a brief bulletin, for your reference:
The problem lies in the pair contract of the Uranium project. The swap function of the contract follows the logic of PancakeSwap and allows users to borrow funds from the pair through flash loans. However, when this function checks the contract balance against the constant product formula, it contains a precision-handling error: the balance that the contract finally calculates is 100 times larger than the contract's actual balance. As a result, an attacker who borrows funds through a flash loan only needs to return 1% of the loan amount to pass the check and can steal the remaining 99% of the balance, which caused the project's losses.
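The model below is an added example, not code from the Uranium contract or from SlowMist. It reproduces the 100x mismatch described above with assumed scale constants (`ADJ_SCALE`, `FEE`, `MISMATCHED_SCALE`) and constructed reserves, and compares it with a check that uses the same scale on both sides.

```python
# Added illustration: integer model of the balance check in a PancakeSwap-style
# pair swap(). Names and constants are assumptions, not Uranium's source code.

ADJ_SCALE = 10_000        # multiplier applied to post-swap balances (assumed)
FEE = 16                  # fee numerator on the ADJ_SCALE basis (assumed)
MISMATCHED_SCALE = 1_000  # reserves-side multiplier on a different basis (assumed)


def inflation_factor(check_scale, adj_scale=ADJ_SCALE):
    """How many times the balance side is overstated relative to the reserves side."""
    return adj_scale ** 2 // check_scale ** 2


def check_passes(reserves, amount0_out, amount0_repaid, check_scale):
    """Model a flash swap that borrows token0 and repays in token0.

    Returns True if the constant-product check accepts the final pool state.
    """
    r0, r1 = reserves
    b0 = r0 - amount0_out + amount0_repaid   # token0 left in the pair
    b1 = r1                                  # token1 is untouched in this model
    adj0 = b0 * ADJ_SCALE - amount0_repaid * FEE
    adj1 = b1 * ADJ_SCALE                    # no token1 input, so no fee term
    return adj0 * adj1 >= r0 * r1 * check_scale ** 2


if __name__ == "__main__":
    pool = (1_000_000, 1_000_000)            # constructed reserves
    for label, scale in (("mismatched", MISMATCHED_SCALE), ("consistent", ADJ_SCALE)):
        print(label,
              "| factor:", inflation_factor(scale),
              "| 1% repayment accepted:", check_passes(pool, 999_000, 9_990, scale),
              "| repayment + fee accepted:", check_passes(pool, 100_000, 100_161, scale))
```

A regression test for a forked pair contract can assert the same property: the multiplier on the reserves side of the check must equal the multiplier used to adjust the balances.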
Uranium has since officially issued a statement confirming the theft and recommends that users contact the team to calculate their losses. The SlowMist security team recommends that users pay attention to risk when participating in DeFi projects, participate cautiously, and choose reliable projects that have undergone security audits, in order to avoid financial losses.
SlowMist Technology is a company focused on blockchain ecosystem security. It has served many top or well-known projects around the world through "the security solution that integrated the threat discovery and threat defense while tailored to local conditions" and has nearly a thousand commercial customers. SlowMist's security solutions include security audit, threat intelligence (BTI), bug bounty, defense deployment, security consulting, and other services. SlowMist also offers SaaS security products, including cryptocurrency anti-money laundering (AML), a false top-up scanner, a vulnerability scanner, vulnerability monitoring (Vulpush), hacked project archives (SlowMist Hacked), a smart contract firewall (FireWall.X), and Safe Staking. It has received wide attention and recognition from the industry.