Slow Mist's Cosine Questions BNB Chain LABUBU "Hack" Incident: Suspicious Abnormal Modification of Key Parameters

Odaily news, Slow Mist founder Cosine published an analysis stating that the approximately $1.1 million loss incident in the OLPC / LABUBU liquidity pool on BNB Chain is suspicious. The loss occurred due to a severe imbalance in the OLPC/LABUBU trading pair, caused by a "vulnerability" in OLPC being exploited. Under certain conditions in _update, it is possible to burn OLPC tokens amounting to value * decimalsValue. Normally, decimalsValue is 1, but approximately 46 days before the attack, it was changed by the owner to an extremely large value of 7,326,680,472,586,200,649. A few days later, the OLPC owner renounced ownership, setting it to the zero address.

Today, the attacker exploited this extremely large decimalsValue to trigger the Pair reserve burn, allowing a small amount of OLPC to extract a large amount of LABUBU. The attacker ultimately swapped 1.115 million USDT at a low cost. The suspicious point lies in the setting of decimalsValue—why did the OLPC owner set such an abnormally large value?