SellToken DEX Exploited Resulting in 279 BNB Loss
SellToken (@TrustTheTrident), the world’s first DEX short-trading aggregation platform on BSC, recently fell victim to an exploit, resulting in a substantial loss of 279 BNB. This incident sheds light on an attempt to manipulate prices, highlighting a flaw in the calculation of token prices. SellToken allows users to engage in shorting tokens; however, the token price is susceptible to manipulation based on the specific pair. This news has been uncovered by BlockSecTeam.
.@TrustTheTrident on BSC was exploited with a loss of ~279 BNB. It's a price manipulation attack and the root cause is a flawed calculation of the token price. @TrustTheTrident allows users to short tokens, but the token price relies on the pair and can be easily manipulated. pic.twitter.com/qzRnRx2zk4
— BlockSec (@BlockSecTeam) May 13, 2023
Attacker Converts 400 WBNB into 4,975,497 SELLC Tokens
The attack unfolded through a series of six crucial stages. Firstly, the attacker obtained a flash loan amounting to 1,902 WBNB. Subsequently, the PancakeSwap platform was utilized to trade 400 WBNB for a staggering 4,975,497 SELLC tokens. In the next step, the attacker sold short their SELLC position on SellToken.Router using 13.37 BNB.
Exploiting the situation further, the attacker executed a transaction on PancakeSwap, exchanging the acquired 4,975,497 SELLC tokens for 408 WBNB. As a result, they were able to extract a profit of 39.2 WBNB by withdrawing from SellToken.Router after shorting.
Trending Now: Binance Withdraws From Canadian Market Over Regulatory Challenges
To conclude the attack, the attacker repaid the flashloan debt incurred during the operation. It is worth mentioning that a vigilant member of the community, operating under the handle @sharKhim, initially detected and reported this assault. Their swift action enabled the platform to respond promptly.
SellToken Stresses Community Vigilance as Exploit Exposes DeFi Platform Risks
This incident highlights the ongoing challenges faced by decentralized finance platforms and the need for constant vigilance to identify and address vulnerabilities.
SellToken acknowledges the significance of community participation in detecting and mitigating potential threats. This exploit serves as a reminder for platforms like SellToken to continuously assess and enhance their security measures, ensuring the safety of user funds and maintaining trust in the decentralized finance space. The platform is actively working to rectify the underlying issue in the token price calculation, employing measures to prevent future manipulation attempts.
Platforms like SellToken and the community at large must remain vigilant as the world of decentralized finance develops in order to foster a secure environment for users to participate in and profit from DeFi networks’ potential.