Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

FEG (Feed Every Gorilla) exploit: analysis by Hacken

FEG (Feed Every Gorilla) exploit: analysis by Hacken

Share via:

FEG (Feed Every Gorilla) has suffered an exploit in the Swap-to-Swap (S2S) functionality in the FEGtoken swap contracts on BSC and ETH. The attacker created 10 addresses and each of them was approved to spend 114 fBNB from the current address. The attacker was able to drain all the fBNB within the contract. Trading of FEG on FEGex was halted immediately after notification of unusual activity.

Date: May 15, 2022

Type of Attack: Flash Loan

Loss: $1.3m

Attack

On May 15, the hacker exploited the S2S functionality within the FEGtoken swap contracts on BSC and ETH.

There were two separate flash loan attacks on Ethereum and BNB Chain. The first flash loan attack was followed by another flash loan attack on 143 ETH ($305k). FEG lost $1.3m in total.

How the Attack Unfolded?

The first step was to borrow 915 WBNB and deposit 116 BNB to FEG Wrapped BNB(fBNB). The next step was to create ten new addresses for later. Afterward, the hacker deposited fBNB to the LP [FEGex PRO] Token contract. Then, the attacker exploited the faulty S2S functionality by inputting a fake address for the path parameter. The S2S function allowed the hacker to spend 114 fBNB belonging to the LP Token contract. The hacker had control over ten addresses. For each address, the attacker deposited 114 fBNB and used S2S functionality to get approval. The next step was to drain all FEG tokens within the contract. The hacker repeated all these steps for 13 LP Token contracts. Finally, the hacker transferred the stolen assets through Tornado Cash and repaid the flash loan.

Source of Security Vulnerability

The cause of the attack was a hacker’s exploit of the vulnerability of the S2S functionality. In particular, FEG’s code has the “swapToSwap()” function that did not have any data validation scheme when taking user input “path.” The following is the extract from the contract source code.

The “swapToSwap()” approved the path and generated a token for the address. The hacker exploited vulnerability by calling “depositInternal()” and “swapToSwap()” functions for each address. The hacker gained “uinit256 tokens”, i.e., unlimited allowance, to drain all the tokens within the contract.

Response

The FEG team suspended trading of FEGtoken after the notification of unusual activity. Trading of FEGtoken continued as usual on centralized exchanges, in addition to Pancake Swap and Uniswap.

PeckShiled, a Chinese-based security company, advised the FEG development team to remove S2S functionality from swap contracts. On May 16, the FED team disabled the S2S functionality as this security vulnerability allowed for more hacks.

The exchange has no plans to remove SmartSwap trading within a contract. S2S functionality will be limited. FEGex will disable the ability to send FEG Wrapped assets from contract to contract. Moreover, the FEG team promised new layers of security.

Implications of the Attack

FEG became the victim of a flash loan attack. This type of attack can be prevented. For example, Hacken performs smart contract audits for all major blockchains. In the case of FEG, our security experts would have performed a smart contract audit for BNB Chain. The audit would have revealed that the function responsible for the S2S feature is programmed to accept the untrusted “path” parameter and approve spending. A smart contract audit by Hacken can protect from this type of flash loan.