contexts
OSN is a fee on transfer token that pays out dividends to users based on the balance of their dividend account. An attacker can exploit the vulnerability to increase the balance of the dividend account and then trigger the dividend mechanism to complete the profit.
OSN:/address/0x810f4c6ae97bcc66da5ae6383cc31bd3670f6d13#code
The attack consists of three transactions:
- /explorer/tx/bsc/0xbf22eabb5db8785642ba17930bddef48d0d1bb94ebd1e03e7faa6f2a3d1a5540
- /explorer/tx/bsc/0x69c64b226f8bf06216cc665ad5e3777ad1b120909326f120f0816ac65a9099c0
- /explorer/tx/bsc/0xc7927a68464ebab1c0b1af58a5466da88f09ba9b30e6c255b46b1bc2e7d1bf09
Trace Analysis
Attack Transaction 1
The attacker first exchanges BUSD for OSN tokens.
A small amount of BUSD and OSN is then sent to the newly created address
Attack Trading 2
The attacker manipulates the account created in Attack Transaction 1 to add liquidity to the pair
Attack Trading 3
Attackers first flash loan 50000 BUSD
Subsequent acquisition of 70,000 OSN
Add liquidity to pair, get 53032907572135909484703 liquidity tokens
Send the liquidity tokens to the attack contract and then call itsaddLiq The function burn 35524 liquidity tokens (added in transaction 2) to retrieve the asset. The 53032907572135909484703 liquidity tokens received earlier are then transferred to the next contract, repeating this operation over and over.
Remove the liquidity, retrieve the BUSD and OSN tokens, and then iteratively perform the exchange operations for both BUSD -> OSN and OSN-> BUSD.
execute an attack on the contract'scc function, which adds mobility to the pair, triggering the The function then pays the attacking contract a dividend of 55 BUSD, and finally transfers all 121 BUSD from the attacking contract to the attacker's address.
From the debugging interface, we can see that the attacking contract has 66 BUSD, plus 55 BUSD from the dividend, totaling 121 BUSD.
In the end, the attacker returned 500,250 BUSD to Lightning Credit for a profit of 1,767 BUSD.
Vulnerability Analysis
The attacker creates a large number of accounts in the first transaction and then adds a small amount of liquidity to the pair through these accounts in the second transaction
existOSN._transfer function will record the liquidity accountuserInfo liquidity tokens held, and liquidity tokens held in the dividend account.
Subsequently, in the third transaction, the attacker first adds liquidity to acquire a large number of liquidity tokens, then sends the liquidity tokens to the attacking contract, and then removes the liquidity that was previously added by the attacking contract.
At this point it will go to theOSN._transfer Another branch of the function - the remove mobility branch. The function first gets theto address for the balance of the liquidity tokens, which are then passed through the function logs the value to theto address on the dividend account.
As you can see from the trace below, the newBalance of the attack contract is set to a very large value. The attacker then repeats the trick by transferring this liquidity token to the next attack contract and updating its newBalance value, repeating this operation over and over again across the multiple attack contracts created.
The attacker then removes the liquidity, retrieves the BUSD and OSN tokens, and then repeatedly performs the BUSD -> OSN and OSN-> BUSD conversions.
When OSN -> BUSD, the three functions in the red box are executed
-
swapAndSendDividends: send OSN -> BUSD and then send BUSD to thelpDividendTrackerThe subsequent call tofunction. -
burnPoolToken: Burn a portion of the OSN tokens in the pair. -
swapAndAddLiqidity: Send OSN -> BUSD, send 4/7 BUSD tomarketAddressSend 3/7 BUSD tolpDividendTrackerThe subsequent call tofunction.
The main function of the function is to accumulate the reward valuesmagnifiedDividendPerShare, which means that the reward is increased every time the function is called. This is the reason why the attacker repeatedly performs the swap operation.
After the swap operation, the attacker calls the attack contract'scc function adds a small amount of liquidity to pair, with the goal of triggering the dividend payout function to make a profit.
The function call flow is as follows:_transfer -> setBalance -> processAccount -> _withdrawDividendOfUser -> withdrawableDividendOf -> accumulativeDividendOf
accumulativeDividendOf function calculates the dividend that the user can share, wheremagnifiedDividendPerShare It is manipulated by the attacker through repeated swaps, and balanceOf is manipulated by the reused liquidity tokens.
exist_withdrawDividendOfUser In the function, the profitability of this attack is accomplished by making a distribution to the attacking address based on the manipulated distribution amount.
postscript
Originally, I thought that the security issues on the token would not be too complicated, and the amount of code for a token is relatively small compared to other DeFi protocols. However, after reviewing the code, I realized that this token is still quite complex, with a lot of mechanisms added on top of ERC20: tax collection, deflation, dividends, buybacks, etc. So in this post, we will only track a few key affected variables and analyze them. Therefore, in this article, we only tracked and analyzed the key variables affected, if readers want to understand the mechanism of OSN tokens, they can read the source code. If there are any mistakes in the analysis of the article, please enlighten me, thank you for reading.