
How was BEVO NFT Project Exploited

How was BEVO NFT project exploited by an attacker due to the deflationary nature of the tokens?


TL;DR

On January 30, 2023, the BEVO NFT art token $BEVO was exploited resulting in a total loss of approximately $45,000.

Introduction to BEVO NFT

BEVO NFT art token is a DeFi payment network that uses a basket of fiat-pegged stablecoins, algorithmically stabilized by its reserve token $BEVO, to enable programmable payments and the development of open financial infrastructure.

Vulnerability Assessment

The underlying cause of the attack is the deflationary nature of the $BEVO token: when the attacker called the contract's deliver function, it decreased the token's _rTotal value, which in turn altered the return value of getRate, the value used to calculate every holder's balance.

Steps

Step 1:

We took a closer look at the attack transaction executed by the exploiter.

Step 2:

The exploiter initially took a flash loan of 192.5 WBNB from PancakeSwap, and swapped them with the Pancake pair in order to receive 757,417 $BEVO tokens.

Step 3:

The exploiter invoked the deliver function, which decreased the _rTotal value of the contract. This further influenced the return value of getRate function, which is used to calculate the balance.

Step 4:

Having inflated the PancakePair's token balance in this way, they then called the skim function, which transferred the surplus of the pair's balance over its recorded reserves to their own account.

Step 5:

This allowed them to swap 0 $BEVO tokens for 337 $BNB, after which the flash loan amount was repaid leaving the exploiter with the profit of 144 $WBNB.
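To make steps 3 and 4 concrete, the following is an added example (not BEVO's contract code) that models a simplified RFI-style reflection ledger (_rOwned, _rTotal, _tTotal) and shows why a deliver call inflates the pair's balanceOf above its recorded reserves, and how excluding the pair from reflection removes the skimmable surplus. The holder names, amounts and the exclude_from_reward mitigation are constructed assumptions for the model.

```python
# Constructed model of reflection-token accounting: balanceOf = _rOwned / rate,
# where rate = rSupply / tSupply. deliver() burns the caller's reflected share,
# lowering _rTotal so that every remaining holder's balance rises.
MAX_UINT = 2**256 - 1


class ReflectionToken:
    def __init__(self, holders):
        self.t_total = sum(holders.values())
        self.r_total = MAX_UINT - (MAX_UINT % self.t_total)
        rate = self.r_total // self.t_total
        self.r_owned = {h: amt * rate for h, amt in holders.items()}
        self.t_owned = {}        # tracked only for accounts excluded from reflection
        self.excluded = set()

    def _supplies(self):
        r_s, t_s = self.r_total, self.t_total
        for h in self.excluded:  # excluded accounts neither give nor receive reflections
            r_s -= self.r_owned[h]
            t_s -= self.t_owned[h]
        if t_s == 0 or r_s < self.r_total // self.t_total:
            return self.r_total, self.t_total
        return r_s, t_s

    def get_rate(self):
        r_s, t_s = self._supplies()
        return r_s // t_s

    def balance_of(self, h):
        if h in self.excluded:
            return self.t_owned[h]
        return self.r_owned.get(h, 0) // self.get_rate()

    def exclude_from_reward(self, h):
        # Mitigation (assumed): freeze the AMM pair's balance so it cannot drift from reserves
        self.t_owned[h] = self.balance_of(h)
        self.excluded.add(h)

    def deliver(self, sender, t_amount):
        r_amount = t_amount * self.get_rate()
        if self.r_owned.get(sender, 0) < r_amount:
            raise ValueError("insufficient balance")
        self.r_owned[sender] -= r_amount
        self.r_total -= r_amount  # step 3: _rTotal shrinks, getRate falls


def skimmable_after_deliver(exclude_pair):
    """Tokens skim() would hand out: the pair's balanceOf minus its last synced reserve."""
    token = ReflectionToken({"pair": 1_000_000, "attacker": 500_000, "holder": 500_000})
    pair_reserve = token.balance_of("pair")  # reserve recorded before the attack
    if exclude_pair:
        token.exclude_from_reward("pair")
    token.deliver("attacker", 500_000)
    return token.balance_of("pair") - pair_reserve  # step 4: surplus that skim() releases
```

Without exclusion the pair's balanceOf rises to 1,333,333 against a reserve of 1,000,000, so skim releases 333,333 tokens to the caller; with the pair excluded the surplus is 0 and the reflection goes to the ordinary holder instead.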

Aftermath

After the incident, the price of $BEVO token dropped by 99%.

Solution

The NFT space has grown in popularity in recent years, making it an attractive target for fraudulent actors. It is therefore crucial to conduct due diligence on the authenticity of NFT projects because of the prevalence of scams in the industry. Failure to do so could result in a financial loss, so when evaluating NFT projects, it is critical to be vigilant and cautious.

We may not have been able to prevent this hack; however, its impact could have been significantly reduced if the team behind the BEVO NFT Art token had set up a dedicated cover pool in the Neptune Mutual marketplace. Through our parametric policies, we offer coverage to users who have suffered a loss of funds or digital assets as a result of smart contract vulnerabilities.

Users who purchase the available parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident is resolved through the incident resolution system. At the moment, our marketplace is available on two popular blockchain networks, Ethereum, and Arbitrum.

Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.

Reference Sources: PeckShield, BlockSec
