📢 Gate Square #MBG Posting Challenge# is Live— Post for MBG Rewards!
Want a share of 1,000 MBG? Get involved now—show your insights and real participation to become an MBG promoter!
💰 20 top posts will each win 50 MBG!
How to Participate:
1️⃣ Research the MBG project
Share your in-depth views on MBG’s fundamentals, community governance, development goals, and tokenomics, etc.
2️⃣ Join and share your real experience
Take part in MBG activities (CandyDrop, Launchpool, or spot trading), and post your screenshots, earnings, or step-by-step tutorials. Content can include profits, beginner-friendl
Cellframe Network suffers from liquidity manipulation, losing $76,112.
Cellframe Network suffered a Liquidity manipulation attack, resulting in a loss of 76,112.
On June 1, 2023, at 10:07:55 AM (UTC+8), Cellframe Network was attacked by hackers on a certain smart chain due to a token quantity calculation issue during the Liquidity migration process. The attackers profited $76,112 from this vulnerability.
Attack Analysis
The attacker first obtained 1,000 native tokens of a certain chain and 500,000 New Cell tokens through a flash loan. Subsequently, the attacker exchanged all New Cell tokens for native tokens, causing the amount of native tokens in the liquidity pool to approach zero. Finally, the attacker exchanged 900 native tokens for Old Cell tokens.
It is worth noting that the attacker added liquidity of Old Cell and native tokens before the attack, obtaining Old lp.
Attack Process
The attacker calls the liquidity migration function. At this time, there are almost no native tokens in the new pool, and almost no Old Cell tokens in the old pool.
The migration process involves the following steps:
Due to the almost non-existent Old Cell tokens in the old pool, the number of native tokens obtained when removing liquidity increases, while the number of Old Cell tokens decreases.
Users only need to add a small amount of native tokens and New Cell tokens to obtain Liquidity, and any excess native tokens and Old Cell tokens will be returned to the user.
The attacker removes the liquidity from the new pool and exchanges the Old Cell tokens returned from the migration for native tokens.
At this point, there are a large number of Old Cell tokens in the old pool but no native tokens. The attacker will exchange the Old Cell tokens back into native tokens to realize profit.
Summary
When migrating liquidity, one should comprehensively consider the changes in the quantities of the two tokens in the old and new pools or the current token prices, avoiding direct calculations based on the quantities of the two currencies in the trading pair to prevent manipulation. In addition, project parties should conduct a comprehensive security audit before deploying the code to reduce similar risks.