Youtube Video

Playing the video that you've selected below in an iframe

2 min read

Decoding Sheep Farm Smart Contract Hack

On November 15, 2022, the Sheep Farm project was attacked by a hacker resulting in the…

Sheep Farm Smart Contract Hack

Table of Contents

Decoding Sheep Farm Smart Contract Hack
TL;DR
Introduction to Sheep Farm
Vulnerability Assessment
Steps
Aftermath
How to prevent such an attack vector
Protocol, and Platform Security
About Us

TL;DR#

On November 15, 2022, the Sheep Farm project was attacked by a hacker resulting in the loss of approximately 262 $BNB tokens worth $72,000.

Introduction to Sheep Farm#

Sheep Farm is an investment blockchain game on the BNB chain.

Vulnerability Assessment#

The root cause of the attack is a vulnerability in one of the SheepFarm contract's functions, which could be called multiple times to increase the gems yield.

Steps#

  1. We investigated one of the attack transactions carried out by the hacker .
  1. The vulnerability existed in the register function of the SheepFarm contract .

  1. This function validates a user's timestamp to verify if they are a new user.

  2. It doesn't however update the timestamp after the user registration is completed.

  1. The perspective attacker invoked this function multiple times to increase his own gems values.
  1. They used the upgradeVillage function to accumulate yield while consuming gems properties.
  1. The sellVillage function of the contract was called to convert the yield to money.
  1. Finally, they converted the funds into $BNB tokens and withdrew them using the withdrawMoney function.

Aftermath#

Following the incident, the team put their platform into maintenance mode.

How to prevent such an attack vector#

This exploit could have been prevented if proper validation techniques had been used to ensure that all potential attack surfaces had been completely fixed. It is essential that the project team conduct rigorous audit procedures with multiple blockchain security firms to prevent such occurrences.

Protocol, and Platform Security#

Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.

Reference source
BlockSec

About Us#

Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance. It has an easy and reliable on-chain claim process. This means that when incidents are confirmed by our community, resolution is fast.

Join us in our mission to cover, protect, and secure on-chain digital assets.

Official Website: https://neptunemutual.com
Blog: https://blog.neptunemutual.com/
Twitter: https://twitter.com/neptunemutual
Reddit: https://www.reddit.com/r/NeptuneMutual
Telegram: https://t.me/neptunemutual
Discord: https://discord.gg/2qMGTtJtnW
YouTube: https://www.youtube.com/c/NeptuneMutual
LinkedIn: https://www.linkedin.com/company/neptune-mutual

By
BNB Chain Projects Decentralized Insurance Exploit Analysis Metaverse Parametric Insurance Sheep Farm Hack Smart Contract Hack

Related Posts

More Related Posts
Nimbus Platform Flash Loan Attack Cover

Nimbus Platform Flash Loan Attack

On December 14, 2022, NimbusPlatform was exploited using flash loan attack

Exploit Analysis
Roast Football Exploit

Roast Football Lost Funds Through Exploited Reward System

On December 05, 2022, Roast Football was a victim of an attack, in which the exploiter…

BNB Chain Projects
Helio Protocol Hack

Report: Know about the Helio Protocol Hack

On December 02, 2022, the dumping of massive amount of aBNBc tokens on decentralized…

BNB Chain Projects