SlowMist: ONTR Token Contract Access Control Vulnerability Leads to ~$98,000 Loss

According to SlowMist monitoring, the ONTR token contract suffered a loss of 49.4801 WETH, valued at approximately $98,000, due to an access control vulnerability in the onlyOwner modifier.

The attacker (0xe806...b760) exploited this vulnerability by passing the permission check when the owner was set to address(0). The attacker then called transferOwnership() to set the attacker's contract as the owner. Subsequently, desertJasper() was invoked to queue hidden balances, followed by glenFlash() to execute ashBud(), which directly increased an address's balance by 1e30 base units without incrementing totalSupply. The attacker transferred the inflated tokens to PancakePair (0xd46d...83fd) and exchanged them for WETH via swap().