Cellframe Network suffers from liquidity manipulation, losing $76,112.

Cellframe Network suffered a liquidity manipulation attack, resulting in a loss of $76,112.

On June 1, 2023, at 10:07:55 AM (UTC+8), Cellframe Network was attacked by hackers on a certain smart chain due to a token quantity calculation issue during the liquidity migration process. The attackers profited $76,112 from this vulnerability.

Attack Analysis

The attacker first obtained 1,000 native tokens of a certain chain and 500,000 New Cell tokens through a flash loan. Subsequently, the attacker exchanged all New Cell tokens for native tokens, causing the amount of native tokens in the liquidity pool to approach zero. Finally, the attacker exchanged 900 native tokens for Old Cell tokens.

It is worth noting that the attacker added liquidity of Old Cell and native tokens before the attack, obtaining Old LP tokens.

Web3 Security | Analysis of the Attack Incident on Cellframe Network Due to Flash Loan Manipulation of Pool Ratios

Attack Process

  1. The attacker calls the liquidity migration function. At this time, there are almost no native tokens in the new pool, and almost no Old Cell tokens in the old pool.

  2. The migration process involves the following steps:

    • Remove the old liquidity and return the corresponding amount of tokens to the user.
    • Add new liquidity according to the proportion of the new pool.

  3. Because there are almost no Old Cell tokens in the old pool, removing liquidity returns more native tokens and fewer Old Cell tokens.

  4. Users only need to add a small amount of native tokens and New Cell tokens to obtain liquidity, and any excess native tokens and Old Cell tokens are returned to the user.

  5. The attacker removes the liquidity from the new pool and exchanges the Old Cell tokens returned from the migration for native tokens.

  6. At this point, there are a large number of Old Cell tokens in the old pool but no native tokens. The attacker will exchange the Old Cell tokens back into native tokens to realize profit.

  7. The attacker repeatedly performs migration operations to continuously profit.

Summary

When migrating liquidity, one should comprehensively consider the changes in the quantities of the two tokens in the old and new pools or the current token prices, avoiding direct calculations based on the quantities of the two currencies in the trading pair to prevent manipulation. In addition, project parties should conduct a comprehensive security audit before deploying the code to reduce similar risks.
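
The check recommended above, sketched as an added example that is not part of the original article or the project's code: a migration quote that refuses to size amounts from pool reserves when either pool's spot ratio has drifted from a reference price. The reference prices (for instance a time-weighted average or an independent oracle), the 200 bps tolerance, all function names and the reserve figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass

BPS = 10_000  # basis points in 100%

@dataclass
class Pool:
    native: int     # native-token reserve
    cell: int       # Old Cell or New Cell reserve
    lp_supply: int  # LP tokens outstanding

class SkewedPool(Exception):
    """A pool's spot ratio is too far from the reference to trust."""

def remove_liquidity(pool, lp):
    """Pro-rata amounts (native, cell) returned for burning `lp` right now."""
    return pool.native * lp // pool.lp_supply, pool.cell * lp // pool.lp_supply

def deviation_bps(pool, ref):
    """Gap between spot native-per-Cell and ref=(native, cell), in basis points."""
    ref_native, ref_cell = ref
    if pool.native == 0 or pool.cell == 0:
        return None  # an empty side has no usable price
    return abs(pool.native * ref_cell * BPS // (pool.cell * ref_native) - BPS)

def quote_migration(old, new, lp, old_ref, new_ref, max_dev_bps=200):
    """Return (native_out, old_cell_out, new_cell_needed); refuse on skewed pools."""
    for name, pool, ref in (("old", old, old_ref), ("new", new, new_ref)):
        dev = deviation_bps(pool, ref)
        if dev is None or dev > max_dev_bps:
            raise SkewedPool(f"{name} pool is {dev} bps off its reference price")
    native_out, old_cell_out = remove_liquidity(old, lp)
    # Only now is it safe to size the New Cell side from the new pool's reserves.
    new_cell_needed = native_out * new.cell // new.native
    return native_out, old_cell_out, new_cell_needed

# Constructed sample reserves (not taken from the incident's on-chain data).
OLD_REF, NEW_REF = (1, 100), (1, 50)           # assumed reference prices
BALANCED_OLD = Pool(1_000, 100_000, 10_000)
BALANCED_NEW = Pool(1_000, 50_000, 10_000)
SKEWED_OLD = Pool(1_900, 52_631, 10_000)       # after a large native-for-Old-Cell swap
SKEWED_NEW = Pool(5, 10_000_000, 10_000)       # native side drained to near zero

if __name__ == "__main__":
    print(remove_liquidity(BALANCED_OLD, 100), remove_liquidity(SKEWED_OLD, 100))
    print(quote_migration(BALANCED_OLD, BALANCED_NEW, 100, OLD_REF, NEW_REF))
    try:
        quote_migration(SKEWED_OLD, SKEWED_NEW, 100, OLD_REF, NEW_REF)
    except SkewedPool as exc:
        print("rejected:", exc)
```

With the constructed skewed old pool, the same LP amount returns more native tokens and fewer Old Cell tokens than in the balanced pool, which is the effect step 3 describes; the guard rejects the migration before that skew can feed into the new-pool calculation.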

ContractHuntervip
· 07-14 21:56
Another funny pitfall

MetamaskMechanicvip
· 07-14 07:53
Another project has been played for suckers.

GasFeeBarbecuevip
· 07-13 22:58
Sigh, I've been played for a sucker again.

OfflineNewbievip
· 07-12 18:29
Another "played for suckers" is here.

BearMarketMonkvip
· 07-12 18:29
Another project is doomed.

NestedFoxvip
· 07-12 18:17
Another flash loan, so annoying...

ChainSauceMastervip
· 07-12 18:17
Another project that plays people for suckers.