From a Technical Perspective: Why Deflation Mechanism Tokens Are Vulnerable

Eocene
2 years ago
This article is approximately 767 words, and reading the entire article takes about 1 minute.
This article will discuss and analyze the reasons why deflation tokens are attacked, and give corresponding defense solutions.

Overview


Tokens with deflationary mechanisms on the blockchain have been frequently attacked recently. This article will discuss and analyze the reasons why deflation mechanism tokens are attacked, and give corresponding defense solutions.

There are usually two ways to implement a deflation mechanism in a token: a burn mechanism or a reflection mechanism. Below we analyze both implementations and the problems they can cause.

Burn mechanism

Typically, tokens with a burn mechanism implement the burn logic in their _transfer function. In some implementations the sender bears the fee: the amount received by the recipient is unchanged, but the sender pays more than the transfer amount because it also covers the fee that is burned.

Next we discuss the possible risks of this design.

If we look only at the token contract, there is actually nothing wrong with this way of writing it. But there are many complicated situations on the blockchain, and we have to consider the token together with the contracts it interacts with.


Usually, in order for the token to have a price, the project team adds liquidity for it on a decentralized exchange such as Uniswap or PancakeSwap.

Uniswap's pair contract has a function, skim, which transfers the difference between the balance and the reserve of each of the two tokens in the liquidity pool to the caller, so that balance and reserve match again.

In that transfer the sender is the liquidity pool itself. When _transfer is called, part of the tokens in the liquidity pool is destroyed, causing the token price to rise.

A real attack case, Winner Doge (WDOGE):

In the _transfer function of the WDOGE contract, when block.timestamp > closingTime, execution enters the else branch. At code line 21 the transfer amount is deducted from the sender's balance, and at code line 31 tokensToBurn tokens are burned from the sender. The attacker used this fee mechanism to steal all of the value tokens (WBNB) in the liquidity pool through the attack method described above.
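To make the interaction concrete, here is an added Python model (not the WDOGE contract and not code from the original post) of a token whose sender burns a fee inside transfer, paired with a minimal constant-product pool exposing skim() and sync(); the fee rate, balances and address names are constructed, and the fee_exempt set stands in for the whitelist defense the article recommends. It shows that a skim() after a small top-up makes the pair burn part of its own reserve, and that exempting the pair removes the effect.

```python
# Added model, not the WDOGE contract: a token whose sender burns a fee on top
# of the amount sent, plus a Uniswap-V2-style pair whose skim() pays out any
# surplus over its recorded reserve, so the pair itself becomes the sender.
FEE_BPS = 500   # 5% burn fee, constructed value

class BurnToken:
    def __init__(self, holders):
        self.balances = dict(holders)
        self.fee_exempt = set()   # the whitelist: addresses that never pay the fee

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, sender, recipient, amount):
        # Recipient gets the full amount; the sender additionally burns the fee.
        fee = 0 if sender in self.fee_exempt else amount * FEE_BPS // 10_000
        assert self.balance_of(sender) >= amount + fee, "insufficient balance"
        self.balances[sender] -= amount + fee   # the fee part is burned
        self.balances[recipient] = self.balance_of(recipient) + amount

class Pair:   # constant-product pool: token0 is the burn token, token1 the quote asset
    def __init__(self, token, quote_reserve):
        self.token = token
        self.reserve0 = token.balance_of("pair")
        self.reserve1 = quote_reserve

    def skim(self, to):
        # Pays out balance - reserve0; the pair is the sender of this transfer.
        surplus = self.token.balance_of("pair") - self.reserve0
        if surplus > 0:
            self.token.transfer("pair", to, surplus)

    def sync(self):
        self.reserve0 = self.token.balance_of("pair")

    def spot_price(self):
        return self.reserve1 / self.reserve0   # quote units per token

def skim_effect(exempt_pair):
    """(tokens the pair lost, did its spot price rise) after top-up, skim(), sync()."""
    token = BurnToken({"pair": 1_000_000, "user": 10_000})
    if exempt_pair:
        token.fee_exempt.add("pair")
    pair = Pair(token, quote_reserve=1_000)
    before = pair.spot_price()
    token.transfer("user", "pair", 1_000)   # creates a surplus over reserve0
    pair.skim("user")                        # pair sends 1_000 back and burns its fee
    pair.sync()                              # reserve0 now reflects the burned fee
    return 1_000_000 - pair.reserve0, pair.spot_price() > before
```

A useful invariant check for an audit is that the pair's balance still equals its reserve after skim(); with the fee applied to the pair it does not.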

Reflection mechanism

In the reflection mechanism, a fee is charged on every transfer and used to reward token holders. No transfer is triggered to distribute the reward; instead a coefficient is simply adjusted.

In this mechanism, each account has two kinds of token amount, tAmount and rAmount. tAmount is the actual amount of tokens, rAmount is the reflected amount of tokens, and the ratio between them is tTotal / rTotal.

Reflection tokens generally have a function called deliver, which destroys the caller's tokens and reduces rTotal. The ratio therefore increases, and the reflected balance of every other holder increases with it.


The attacker noticed this function and used it to attack the corresponding Uniswap liquidity pool.

So how is it used? Again, start with Uniswap's skim function.

In Uniswap, reserve is the recorded reserve of the pair, which is different from token.balanceOf(address(this)).

The attacker first calls the deliver function to destroy his own tokens. This decreases rTotal and therefore increases the ratio, so the reflected balance of every holder increases, and token.balanceOf(address(this)) of the pool increases with it, opening a gap relative to reserve.

Therefore, the attacker can profit by calling skim to transfer out an amount of tokens equal to the difference between the two.

A real attack case, BEVO NFT Art Token (BEVO):

When the token contract also has a burn function, there is another, similar attack method:

The attacker uses this to reduce tTotal by calling the burn function repeatedly, then calls the liquidity pool's sync function to synchronize its reserves with its balances. In the end, the tokens in the liquidity pool are drastically reduced and the price soars; the attacker then sells tokens for a profit.

A real attack case, Sheep Token (SHEEP):
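As an added example covering both the deliver case and the burn-plus-sync case above, here is a Python model (not the BEVO or SHEEP contracts, and not code from the original post) of the rAmount/tAmount accounting; MAX_UINT, the supply figures and the account names are constructed, and exclude_from_reward stands in for the whitelist the article recommends. It shows how deliver() makes the pool's balanceOf grow past the recorded reserve (the surplus skim() pays out) and how a burn() that lowers tTotal alone makes it shrink (what sync() then records), and that an excluded pool is unaffected by either.

```python
# Added model, not the BEVO or SHEEP contracts: each holder owns an rAmount and
# balanceOf reports rAmount / rate with rate = rTotal / tTotal, so anything that
# moves rTotal or tTotal changes the pool's balance behind the pair's back.
MAX_UINT = 2**256 - 1

class ReflectToken:
    def __init__(self, t_total, holders):
        assert sum(holders.values()) == t_total
        self.t_total = t_total
        self.r_total = MAX_UINT - (MAX_UINT % t_total)
        self.r_owned = {who: t * self.rate() for who, t in holders.items()}
        self.t_owned = {}        # fixed balances of excluded accounts
        self.excluded = set()

    def rate(self):
        return self.r_total // self.t_total

    def balance_of(self, who):
        if who in self.excluded:
            return self.t_owned.get(who, 0)
        return self.r_owned.get(who, 0) // self.rate()

    def exclude_from_reward(self, who):
        # The whitelist defense: a fixed tOwned that no longer follows the rate.
        self.t_owned[who] = self.balance_of(who)
        self.excluded.add(who)

    def deliver(self, caller, t_amount):
        # deliver(): only rTotal shrinks, so the rate falls and balances grow.
        r_amount = t_amount * self.rate()
        assert self.r_owned.get(caller, 0) >= r_amount
        self.r_owned[caller] -= r_amount
        self.r_total -= r_amount

    def burn(self, caller, t_amount):
        # Flawed burn(): tTotal drops but rTotal does not, so balances shrink.
        r_amount = t_amount * self.rate()
        assert self.r_owned.get(caller, 0) >= r_amount
        self.r_owned[caller] -= r_amount
        self.t_total -= t_amount

def pool_drift(action, exclude_pool):
    """Change in the pool's balanceOf relative to its last synced reserve:
    positive means skim() would pay it out, negative means sync() lowers reserve."""
    token = ReflectToken(1_000_000, {"pool": 600_000, "caller": 400_000})
    if exclude_pool:
        token.exclude_from_reward("pool")
    reserve = token.balance_of("pool")          # recorded at the last sync()
    getattr(token, action)("caller", 400_000)   # action is "deliver" or "burn"
    return token.balance_of("pool") - reserve
```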

Looking at the attack methods against burn-mechanism and reflection-mechanism tokens, it is not hard to see that the core of the attack is manipulating the price of the liquidity pool. Therefore, adding the liquidity pool's address to a whitelist, so that its tokens are never burned and it does not participate in the token's reflection mechanism, avoids such attacks.

Summary

At Eocene Research, we provide the insights of intentions and security behind everything you know or don’t know of blockchain, and empower every individual and organization to answer complex questions we hadn’t even dreamed of back then.

Learn more: Website | Medium | Twitter

Original article, author: Eocene. For reprints, content collaboration or reporting, please contact report@odaily.email; unauthorized reprinting is subject to legal action.
