Decoding Sheep Farm Smart Contract Hack

The Sheep Farm project was attacked by a hacker, resulting in the loss of around 262 $BNB.


On November 15, 2022, the Sheep Farm project was attacked by a hacker, resulting in the loss of approximately 262 $BNB tokens worth $72,000.

Introduction to Sheep Farm

Sheep Farm is an investment blockchain game on the BNB chain.

Vulnerability Assessment

The root cause of the attack is a vulnerability in one of the SheepFarm contract's functions, which could be called multiple times to increase the gems yield.


Step 1:

We investigated one of the attack transactions carried out by the hacker.

Step 2:

The vulnerability existed in the register function of the SheepFarm contract.

Step 3:

This function validates a user's timestamp to verify if they are a new user.

Step 4:

It does not, however, update the timestamp after the user registration is completed.

Step 5:

The attacker invoked this function multiple times to increase their own gems value.

Step 6:

They used the upgradeVillage function to accumulate yield while consuming the gems.

Step 7:

The sellVillage function of the contract was called to convert the yield to money.

Step 8:

Finally, they converted the funds into $BNB tokens and withdrew them using the withdrawMoney function.


Following the incident, the team put their platform into maintenance mode.

How to Prevent Such an Attack Vector

This exploit could have been prevented if proper validation techniques had been used to ensure that all potential attack surfaces had been completely fixed. It is essential that the project team conduct rigorous audit procedures with multiple blockchain security firms to prevent such occurrences.
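The missing state update in the register function described above, next to a corrected form, as an added simplified model that is not the SheepFarm contract's own code. The struct layout, the bonus value, the event and the function names registerVulnerable and registerFixed are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Simplified model of the bug class: a "new user" check on a field that
// the function never writes. All names and values here are hypothetical.
contract RegistrationModel {
    struct Village {
        uint256 timestamp; // 0 means "never registered"
        uint256 gems;
    }

    uint256 public constant SIGNUP_BONUS = 10; // assumed value
    mapping(address => Village) public villages;

    // Emitted once per successful registration; more than one event for
    // the same address is a signal that the guard is not holding.
    event Registered(address indexed user, uint256 gemsAfter);

    // Before: the check reads `timestamp`, but nothing below sets it,
    // so the require passes on every call and the bonus is credited
    // again each time.
    function registerVulnerable() external {
        Village storage v = villages[msg.sender];
        require(v.timestamp == 0, "just new users");
        v.gems += SIGNUP_BONUS;
        emit Registered(msg.sender, v.gems);
    }

    // After: the guard field is written in the same call that checks it,
    // before the bonus is credited, so a second call reverts.
    function registerFixed() external {
        Village storage v = villages[msg.sender];
        require(v.timestamp == 0, "just new users");
        v.timestamp = block.timestamp;
        v.gems += SIGNUP_BONUS;
        emit Registered(msg.sender, v.gems);
    }
}
```

A unit test that calls the registration function twice from the same address and expects the second call to revert is enough to catch this class of bug before deployment.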

Protocol and Platform Security

Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.

Reference source: BlockSec

