3 min read

How Was BRA Token Exploited?

A logical flaw in the BRA token contract allowed a hacker to be profited by $225,000.

how-was-bra-token-exploited

TL;DR#

On January 10, 2023, the BRA token was exploited, in which the hacker was able to steal funds worth 819 $WBNB, roughly amounting to $225,000.

Introduction to BRA#

BRA is a token on BSC Chain, available on trading at PancakeSwap.

Vulnerability Assessment#

The root cause of the vulnerability is due to the existence of a logical flaw in the BRA contract, wherein the transfer process generated rewards if the caller or receiver were a pair.

Steps#

Step 1:

Let's take a close took at one of the attack transactions executed by the exploiter.

Step 2:

The perpetrator initially took a flash loan of 1,400 $WBNB, before swapping 1,000 $WBNB for 10.5K $BRA tokens.

Step 3:

The acquired $BRA tokens were transferred to the PancakeSwap pair.

Step 4:

They then triggered the skim function, which in turn called the transfer function of the BRA contract, in order to collect rewards.

bra-contract-transfer-function

BRA Token Contract transfer functionality

Step 5:

Here, the attacker specified pair as the recipient address, and $BRA revert to pair, leading to a rise of $BRA amount after a single skim.

Step 6:

After repeating the call to the skim function roughly 101 times, the $BRA balance of the contract pair had significantly increased.

Step 7:

The attacker then exchanged back 1.675K $WBNB tokens, and repaid the flash loan amount of 1.4K $WBNB tokens.

Step 8:

675 $WBNB tokens in proceeds from the initial attack transactions were sent to the exploiter's address.

bra-exploit-fund-flow

Fund flow during BRA exploit. Courtesy of BlockSec

Step 9:

The attacker then carried out a second attack transaction from which he stole funds worth 144 $WBNB tokens.

Step 10:

The exploiter finally transferred 819 $WBNB in total earnings to this address.

Aftermath#

The online presence of the team affiliated with BRA tokens is unknown; hence, there is no official acknowledgement of the incident. The price of BRA tokens decreased by 98% of their value.

Solution#

Numerous attacks in the DeFi ecosystem appear to be coordinated by the team or team members to route revenue for personal gain. It is possible, given the lack of a social profile and the incident response and recovery plan, that the event was pre-planned or arranged by team members. Users should always verify the legitimacy of a team and its tokens before investing in them.

We may not have prevented the occurrence of this hack, however the impact or aftermath of this attack could have been significantly reduced if the team associated with BRA Token had a dedicated cover pool in the Neptune Mutual marketplace. We generally exclude the events originating from the logical design flaw like this, however we offer coverage to users who have suffered a loss of funds or digital assets occurring as a result of smart contract vulnerabilities owing to our parametric policies.

Users who purchase our parametric cover policy do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident like this is resolved through our governance system.

Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.

Reference Source: BlockSec

By