Decoding ULME Token Flash Loan Attack


ULME token was attacked by a hacker using a flash loan attack, resulting in a loss of 50,646 BUSD.

TL;DR

On October 25, 2022, ULME Token was attacked by a hacker who allegedly gained approximately 50,646 BUSD using a flash loan.

Introduction to ULME

ULME is a token on BNB Chain (formerly Binance Smart Chain), but it has no social presence.

Vulnerability Assessment

The root cause of the vulnerability was an indirect price manipulation using flash loans, made possible by unrestricted access control: a contract function that could be called by anyone to spend BUSD that other users had approved to the contract.

Steps

Step 1: The attacker initially used a flash loan to borrow 1,000,000 BUSD.

Step 2: They then swapped the borrowed BUSD for $ULME tokens on PancakeSwap.

Step 3: The attacker must have previously compiled a list of users who had approved the BUSD token to the $ULME contract.

Step 4: The attacker called the buyMiner function of the $ULME token contract, passing in the list of users from the earlier step together with the corresponding amount for each user.

Step 5: Inside that function, the contract spends the BUSD that the listed users had previously approved to it, so the attacker was able to move other users' BUSD without their involvement.

Step 6: By doing this across a large number of users, the attacker had their BUSD swapped into $ULME, indirectly pushing up the price of the token.

Step 7: After the price increase, they swapped their $ULME tokens back to BUSD, repaid the flash loan, and kept the remaining profit of 50,646 BUSD.

Aftermath

Following the incident, the price of the $ULME token rose to a high of 0.394 before falling to 0.08 at the time of this writing.

How to Prevent Such an Attack Vector

In an indirect price manipulation attack, a trade on an AMM is used to discreetly influence the token price of a vulnerable DeFi application whose pricing mechanism depends on the real-time state of the pool.

A flash loan attack can be mitigated to a large extent by imposing a limit on the amount that can be borrowed in a single flash loan transaction, or by using oracle-based price services such as Chainlink instead of a spot price that a single transaction can move, among other precautions. In this incident, the more fundamental fix is access control: a function that spends token allowances must only ever spend the allowance of the account that is calling it.
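To make the root cause in the steps above concrete, here is an added illustration written for this post; it is not the ULME contract's actual code, which is not reproduced here. A hypothetical `buyMiner` that spends the BUSD allowances of arbitrary caller-supplied accounts sits beside a hardened version that only spends `msg.sender`'s own allowance and caps the amount per call, in the spirit of the borrow limit suggested above. The contract names, the `minerBalance` mapping and the `maxPerTx` cap are assumptions; the swap of the collected BUSD into $ULME that moved the pool price is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not the ULME contract's code. Contract names, the
// minerBalance mapping and maxPerTx are assumptions made for this example.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract VulnerableMiner {
    IERC20 public immutable busd;
    mapping(address => uint256) public minerBalance;

    constructor(IERC20 busd_) {
        busd = busd_;
    }

    // VULNERABLE: the caller chooses which accounts get charged. Any account that
    // has approved BUSD to this contract can have its allowance spent by an
    // unrelated caller. The listed users are credited, which looks harmless, but
    // the caller profits indirectly: in the incident the collected BUSD was
    // swapped into $ULME (swap omitted here), moving the pool price in the
    // caller's favour.
    function buyMiner(address[] calldata users, uint256[] calldata amounts) external {
        require(users.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < users.length; i++) {
            // Spends users[i]'s allowance, not the caller's, with no check that
            // msg.sender == users[i].
            require(busd.transferFrom(users[i], address(this), amounts[i]), "transfer failed");
            minerBalance[users[i]] += amounts[i];
        }
    }
}

contract HardenedMiner {
    IERC20 public immutable busd;
    mapping(address => uint256) public minerBalance;
    // Per-call cap (assumed value set at deployment): bounds how much a single
    // flash-loan-funded transaction can push through this function.
    uint256 public immutable maxPerTx;

    constructor(IERC20 busd_, uint256 maxPerTx_) {
        busd = busd_;
        maxPerTx = maxPerTx_;
    }

    // FIXED: no caller-supplied account list. Only msg.sender's own allowance is
    // spent, and only msg.sender is credited, so an approval to this contract can
    // never be consumed by a third party.
    function buyMiner(uint256 amount) external {
        require(amount > 0 && amount <= maxPerTx, "amount out of range");
        require(busd.transferFrom(msg.sender, address(this), amount), "transfer failed");
        minerBalance[msg.sender] += amount;
    }
}
```

The check to look for in a review is simple: every `transferFrom(from, ...)` where `from` is not `msg.sender` needs an explicit justification, because an ERC-20 approval granted to a contract is spendable by any code path in that contract, not only by the path the approving user had in mind.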

Protocol and Platform Security

Our security team at Neptune Mutual can validate your platform for DNS and web-based security, perform smart contract reviews, and assess frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol against known and unknown vulnerabilities that have the potential to cause catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and sense of responsibility to do so.
