OMNI Real Estate Token Exploit

TL;DR#

On January 17, 2023, the OMNI Real Estate project (ORT Token) on the BNB chain was attacked owing to a smart contract vulnerability, after which the hacker gained 236 BNB worth approximately $70,705.

Introduction to Omni Estate Group#

Omni Group provides decentralized real estate market solution.

Vulnerability Assessment#

The root cause of the attack was the existence of a vulnerability in their StakingPool Contract, which did not have adequate parameter validation.

Steps#

Step 1:

The reward is calculated by the contract using _Check_reward function, which has two parameters: durations, and balance.

Step 2:

The durations parameter is used to specify the time frame for a user stake period. When the durations value is 0, this method returns total_percent, a global variable, instead of performing the correct calculation.

Step 3:

When the attacker called the invest function of the contract, the end_date value was set to 0, which effectively passed the contract’s verification. The durations parameter in the _Check_reward function takes value from this end_date parameter.

Step 4:

The exploiter deployed a couple of attack contracts to carry out his intended operations.

Step 5:

The attacker invested 1 Wei and then invoked the withdrawAndClaim function to withdraw ORT token rewards. These operations were repeated to earn profit.

Step 6:

The funding for the attack came from FixedFloat. The attacker later swapped the ORT tokens to BNB.

Aftermath#

The team has not acknowledged the occurrence of the incident. However the price of their token has plummeted down drastically.

Solution#

The attack could have been prevented to a greater extent with the addition of parameter validation to handle errors for invalid, or inappropriate input values.

We may not have prevented the occurrence of this hack, however the impact or aftermath of this attack could have been significantly reduced if the team associated with OMNI Real Estate project had a dedicated cover pool in the Neptune Mutual marketplace. We offer coverage to users who have suffered a loss of funds or digital assets occurring as a result of smart contract vulnerabilities owing to our parametric policies.

Users who purchase our parametric cover policy do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident like this is resolved through our governance system.

Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.

Reference Source BlockSec