SlowMist: Analysis of Uranium Finance’s Hacked Event

According to news from the SlowMist Zone, the DeFi project Uranium on the Binance Smart Chain was “hacked” with a loss of 50 million U.S. dollars. The SlowMist security team immediately intervened in the analysis and shared it for your reference in the form of a newsletter:

Attack analysis

This problem occurred on the pair contract of the Uranium project. The swap function part of the contract logic refers to the logic of PancakeSwap, allowing users to lend out funds through flash loans. However, when this function checks the contract balance according to the constant product formula, there is a problem of accuracy processing errors, resulting in the balance calculated in the final contract being 100 times larger than the actual balance of the contract. In this case, if the attacker uses a flash loan to borrow , Only need to return 1% of the loan amount to pass the inspection and steal the remaining 99% of the balance, resulting in project losses.

Summary

At present, Uranium official has issued a document confirming the theft, and recommends that users contact the official to calculate the loss. The SlowMist security team recommends that users pay attention to risks when participating in DeFi projects, participate cautiously, and choose reliable project parties that have undergone security audits to participate in DeFi to avoid financial losses .

Reference link:

https://bscscan.com/tx/0x5a504fe72ef7fc76dfeb4d979e533af4e23fe37e90b5516186d5787893c37991

About us

SlowMist Technology is a company focused on blockchain ecosystem security. It has served many top or well-known projects around the world through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions” and has nearly a thousand commercial customers. SlowMist’s security solutions include security audit, threat intelligence (BTI), bug bounty, defense deployment, security consultant, and other services. SlowMist is equipped with cryptocurrency anti-money laundering (AML), false top-up scanner, vulnerability scanner, and vulnerability monitoring (Vulpush), hacked project archives (SlowMist Hacked), smart contract firewall (FireWall.X), Safe Staking and other SAAS security products. It has been widely concerned and recognized by the industry.

--

--

--

Focuses on Blockchain Ecosystem Security, have served over 1k+ customers.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

API Penetration Testing : Things To Be Noted

Testnet Guide — zkSync 2.0

{UPDATE} Sound Dots Hack Free Resources Generator

HTB: Paper (Easy)

{UPDATE} Puzzle Surfers Hack Free Resources Generator

#Gamejet Bounty Program Is Live!

Map your security journey at Rootconf this year — HasGeek Newsletter

🎊Beta Release🎊

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
SlowMist

SlowMist

Focuses on Blockchain Ecosystem Security, have served over 1k+ customers.

More from Medium

Lunaray Token Security Scan Report

Tranquil Finance & Keystone Partnership: Secure Signing on Harmony Blockchain!

Tranquil & Keystone wallet partnership

Gnosis Safe Multisig User Incident Analysis

Beaver Finance Weekly Report # 2