![\"\"](\"https:\/\/www.trustrecipe.in\/wp-content\/uploads\/2023\/08\/Group-28059-9-1024x238.png\")
<\/a><\/figure>\n\n\n\nThe attack was executed through a series of transactions involving specific addresses and contracts, and its impact on the platform’s security and financial health is a cause for concern. The attacker gained about ~$429K from this incident.<\/p>\n\n\n\n
Hacker’s Actions and Exploited Vulnerability<\/h3>\n\n\n\n
The hacker’s address involved in the attack is
0xDFD78a977c08221822F6699AD933869Da6d9720C.<\/p>\n\n\n\n
The attack was orchestrated using a contract address
0x33f9bB37d60Fa6424230e6Cf11b2d47Db424C879 which the attacker created.<\/p>\n\n\n\n
Attack Transaction:
0x68170a309ab2e944e178ccf9bf6f19e25a3f356031ce53539bb9669fc77172f2<\/p>\n\n\n\n
Attack Analysis<\/h3>\n\n\n\n
The attack involved a sequence of functions and transactions:<\/p>\n\n\n\n
- The attacker initiated the attack by utilizing the PancakePair swap function.<\/li><\/ul>\n\n\n\n
![\"dot](\"https:\/\/www.trustrecipe.in\/wp-content\/uploads\/2023\/08\/dot-finance-flash-load-attack.png\")
<\/figure>\n\n\n\n- The attacker leveraged a flash loan from PancakeSwap, acquiring 100 Cake tokens as initial funds.<\/li>
- The Cake tokens were inserted into the VaultPinkBNB contract, enabling the execution of the getReward function.<\/li>
- The getReward function utilized the balanceOf(address(this)) method to determine the contract’s Cake token balance.<\/li>
- Through this balance, the attacker manipulated the performanceFee parameter, significantly impacting the actual value of Cake tokens<\/li><\/ul>\n\n\n\n
![\"\"](\"https:\/\/www.trustrecipe.in\/wp-content\/uploads\/2023\/08\/dot-finance-flash-load-attack-1.png\")
<\/figure>\n\n\n\n- Subsequently, the mintFor function exploited the altered performanceFee parameter to generate a substantial amount of pink tokens, effectively rewarding the attacker.<\/li>
- The Attacker then deposited the stolen amount to Tornado.cash via multiple transactions.<\/li><\/ul>\n\n\n\n
![\"\"](\"https:\/\/www.trustrecipe.in\/wp-content\/uploads\/2023\/08\/dot-finance-flash-load-attack-2-1024x218.png\")
<\/figure>\n\n\n\nImplications and Lessons Learned<\/h3>\n\n\n\n
This attack bears resemblance to previous incidents targeting PancakeBunny, and Cream Finance reflects a pattern of similar attacks. <\/p>\n\n\n\n
The increasing frequency of such attacks on the BSC chain and other chains underscores the urgency of bolstering smart contract security <\/a>measures.
Read More: Flash Loans in DeFi<\/a><\/p>\n\n\n\nConclusion<\/h3>\n\n\n\n
The flash loan attack on Dot Finance highlights the vulnerability of DeFi protocols to sophisticated exploitation techniques.<\/p>\n\n\n\n
The attack’s impact on Dot Finance’s value and security prompts a call for heightened security measures within the BSC ecosystem. <\/p>\n\n\n\n
The incident serves as a reminder of the ever-present risks associated with DeFi platforms and the pressing need for proactive security strategies to safeguard user funds and platform integrity.<\/p>\n","protected":false},"excerpt":{"rendered":"
On Aug 25, 2021, Defi protocol Dot Finance was exploited for ~$429K in a lightning loan attack which reduced the…<\/p>\n","protected":false},"author":2,"featured_media":8547,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[6,679],"tags":[],"class_list":["post-8516","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto-hacks-exploits","category-web3-security"],"_links":{"self":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts\/8516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/comments?post=8516"}],"version-history":[{"count":5,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts\/8516\/revisions"}],"predecessor-version":[{"id":11404,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/posts\/8516\/revisions\/11404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/media\/8547"}],"wp:attachment":[{"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/media?parent=8516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/categories?post=8516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/immunebytes.com\/blog\/wp-json\/wp\/v2\/tags?post=8516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}