
“Double double, toil and trouble, a toadstool mix makes powder for tricks!” | by HyruleSwap | Jun, 2021


Dear Hyruleans,

As usual we are meeting to discuss the recent BSC hacks, and today we are going to talk about MerlinLab.

As you may have heard, on June 29th around 7 AM UTC, MerlinLab was the victim of an exploit as reported on their Telegram.

During the attack, about $330K was stolen, which significantly impacted MerlinLab’s TVL, lowering it to 1.5M. As a reminder, before this event MerlinLab had more than 100M TVL and was one of the big players on the BSC. The price has also fallen from around $15 to $0.15.

Here is the wallet of the exploiter: 0x2bADa393e53D0373788d15fD98CB5Fb1441645BD

It is also important to note that this incident is not an isolated case: Merlin had already been the victim of 2 flash loan attacks last May, and had put protection and prevention measures in place following those attacks.

According to PeckShield the exploit was due to a logic bug which did not properly calculate the deserved profit.

How did MerlinLab work?

Merlin was a fork of Bunny, that is to say a copy that worked under the same model. Basically, Merlin charged a performance fee on the tokens staked in the vaults and in exchange offered its own token as a reward. Once 1 BNB was reached in terms of performance fees, 35 MERLs were minted. Thus, if the price of BNB increased, the tokens were minted less frequently, ensuring price stability.

What happened?

Everything was going on as normal, until the MerlinLab team decided to test their new strategy with Alpaca on their mainnet.

The problem is that BNB sent directly to the contract is also converted to WBNB and considered “profit”. So, if BNB is deposited into the contract and then harvested, all of that BNB is assumed to be rewardable profit.

Step by step it goes like this:

1. Deposited 0.1 $WBNB to Merlin’s Alpaca Vault.

2. Transferred 546 $WBNB and 1 $ALPACA (to bypass the reinvest condition check when executing the harvest() function) to the vault as the reward.

3. Harvested the reward to force Merlin’s Alpaca Vault to reinvest.

4. Executed WithdrawAll(), which deducted the performance fee from the reward and minted $MERL through the mintFor() function as compensation.

5. In mintFor(), the amount of $MERL to mint is calculated as the performance fee multiplied by a static variable (merlinPerProfitBNB) equal to “20 * 10^18”, which led to an excessive amount of minted $MERL compared to the actual $MERL price.

6. Swapped all minted $MERL to $WBNB to make a profit.

In this transaction, the attacker deposited 0.1 $WBNB and transferred 546.81 $WBNB to Merlin’s Alpaca Vault. Then withdrew 382.70 $WBNB and swapped the 5,625.69 $MERL minted to be 246.29 $WBNB. Therefore, the attacker gained 82.78 $WBNB as shown in the following calculation:

246.29 + 382.70 - 546.81 - 0.1 = 82.78 $WBNB
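
The accounting flaw described above, as a small Python model added here for illustration (it is not MerlinLab’s contract code). The class names, the 30% performance fee and the 0.001 BNB of genuine strategy yield are assumptions; the deposit, the transfer amount and the rate of 20 MERL per BNB of fee come from the article. It contrasts balance-based profit with profit booked only from what the strategy actually pays.

```python
from decimal import Decimal as D

PERFORMANCE_FEE = D("0.30")  # assumed fee rate; the page does not state it
MERL_PER_BNB = D(20)         # static merlinPerProfitBNB from step 5, unscaled

class BalanceBasedVault:
    """Flawed model: anything above principal in the vault's balance is profit."""
    def __init__(self):
        self.principal = D(0)
        self.balance = D(0)  # stands in for the vault's WBNB balance

    def deposit(self, amount):
        self.principal += amount
        self.balance += amount

    def direct_transfer(self, amount):
        self.balance += amount  # plain transfer: no vault bookkeeping runs

    def strategy_yield(self, amount):
        self.balance += amount  # reward actually paid by the strategy

    def profit(self):
        return self.balance - self.principal

class BookedYieldVault(BalanceBasedVault):
    """Hardened model: only yield booked by the strategy counts as profit."""
    def __init__(self):
        super().__init__()
        self.booked = D(0)

    def strategy_yield(self, amount):
        super().strategy_yield(amount)
        self.booked += amount

    def profit(self):
        return self.booked

def merl_minted(vault_cls):
    """Replay one constructed sequence and return the MERL minted on the fee."""
    v = vault_cls()
    v.deposit(D("0.1"))             # step 1 amount from the page
    v.direct_transfer(D("546.81"))  # transfer amount from the page
    v.strategy_yield(D("0.001"))    # constructed: genuine farming reward
    return v.profit() * PERFORMANCE_FEE * MERL_PER_BNB

if __name__ == "__main__":
    print("balance-based:", merl_minted(BalanceBasedVault))
    print("booked-yield: ", merl_minted(BookedYieldVault))
```

In the balance-based model the transferred WBNB drives the mint; in the booked-yield model only the strategy’s own reward does.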

And now?

MerlinLab has indicated on its Telegram group that it has unfortunately decided to stop its activities. Indeed, the 3rd attack seems to have been too much.

A few minutes after the announcement, Merlin shut down its media channels, including Twitter and Medium.

That’s it for today. We hope you have enjoyed the article, and if another big exploit happens on the BSC you can count on us to cover it!


