In a recent incident, the popular Binance Smart Chain (BSC) token, @babydogecoin, fell victim to a flash loan attack, resulting in a loss of approximately $157,000. The attack exploited a vulnerability of misconfiguration of the BabyDoge contract to allow the FarmZAP contract excluded from the fee-charging mechanism, which allowed the attacker to manipulate the price of $BabyDoge on the PancakeSwap pair and dump BabyDoge tokens of the BabyDoge contract at a lower price.The attack transaction, available at https://bscscan.com/tx/0x098e7394a1733320e0887f0de22b18f5c71ee18d48a0f6d30c76890fb5c85375, provides insights into the steps taken by the attacker.

Here are the key details of the incident.

Token:

Attacker:

https://bscscan.com/address/0xcbc0d0c1049eb011d7c7cfc4ff556d281f0afebb

Attacking Contract:

https://bscscan.com/address/0x51873a0b615a51115f2cfbc2e24d9db4bfa2e6e2

Attacked Contract:

BabyDoge https://bscscan.com/address/0xc748673057861a797275CD8A068AbB95A902e8de

TreatSwap pair https://bscscan.com/address/0x0536c8b0c3685b6e3c62a7b5c4e8b83f938f12d1

Pairs Involved:

Attacking Steps:

5 hours later of the exploit, the project owner included the FarmZAP contract in the fee-charging mechanism.

Here is the transaction https://bscscan.com/tx/0x0c7fa7a334a31c60d9e7f7fd58063aef8cc78680f8e506c4bf4f4761aafe89f2.

Root Cause

The root cause of this attack serves as a crucial lesson for the entire DeFi community. It highlights the significance of implementing comprehensive security measures and conducting thorough audits of smart contracts. In this case, the exclusion of the FarmZAP contract from the fee-charging mechanism created an exploitable vulnerability that allowed the attacker to manipulate the price of $BabyDoge on the PancakeSwap pair.

To prevent similar incidents in the future, projects should prioritize the implementation of robust security practices. This includes conducting regular audits by reputable third-party firms to identify and address potential vulnerabilities. Moreover, projects should establish mechanisms for ongoing monitoring and surveillance of token pairs on decentralized exchanges to promptly detect any suspicious or manipulative activities.

Furthermore, decentralized exchanges play a vital role in maintaining the integrity of the DeFi ecosystem. They should enhance their monitoring capabilities and implement safeguards to identify and prevent price manipulation attempts. This may involve utilizing advanced algorithms and data analysis techniques to detect abnormal trading patterns or sudden price fluctuations that could indicate fraudulent activities.

Additionally, it is crucial for the community to foster a culture of information sharing and collaboration. By sharing knowledge and experiences related to security vulnerabilities and attacks, the community can collectively learn and strengthen the defenses against potential threats. Projects and participants should actively engage in open dialogue, knowledge sharing, and the adoption of best practices to ensure the overall security and resilience of the DeFi ecosystem.

Overall, the attack on BabyDoge highlights the ongoing need for constant vigilance, robust security measures, and collaboration within the DeFi community. By learning from such incidents, the industry can continue to evolve and develop innovative solutions that uphold the principles of transparency, security, and trust in the decentralized financial landscape.

Follow Us

Twitter: @MetaTrustLabs

Website: metatrust.io