Ehh… Same exploit used for the 4th time. Devs do not learn, do they? The exploit is very similar to the one found on PancakeBunny. 40 ETH was sent through Tornado Cash on Ethereum.
The analysis below is taken from WatchPugs.
The core issue is: it’s taking all the wallet balance to create the LP tokens which will later be used for profit calculation and minting. Same old bug as in two of the previous hacks.
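A simplified Python model of this accounting bug next to the balance-delta fix. It is an added example, not code from the exploited contract or from the WatchPugs analysis; the fee rate, mint ratio and all names are assumptions, and the LP conversion is reduced to a single subtraction.

```python
FEE_PCT = 30         # assumed performance fee, in percent
MINT_PER_FEE = 5     # assumed reward tokens minted per unit of fee


class Vault:
    """Toy model of a yield vault that mints reward tokens on harvested profit."""

    def __init__(self, use_balance_delta):
        self.use_balance_delta = use_balance_delta
        self.wallet = 0      # models token.balanceOf(address(this))
        self.minted = {}     # reward tokens minted per user

    def receive_transfer(self, amount):
        """Any account can send tokens straight to the contract address."""
        if amount < 0:
            raise ValueError("amount must be non-negative")
        self.wallet += amount

    def get_reward(self, user, pending_yield):
        """Harvest the farm, then mint rewards in proportion to the profit."""
        before = self.wallet
        self.wallet += pending_yield            # tokens paid out by the farm
        if self.use_balance_delta:
            profit = self.wallet - before       # only what this harvest earned
        else:
            profit = self.wallet                # bug: whole wallet counts as profit
        self.wallet -= profit                   # profit is converted to LP tokens
        fee = profit * FEE_PCT // 100
        reward = fee * MINT_PER_FEE
        self.minted[user] = self.minted.get(user, 0) + reward
        return reward


def minted_after_unsolicited_transfer(use_balance_delta, transfer, pending_yield):
    """Reward minted when tokens land in the wallet just before a harvest."""
    vault = Vault(use_balance_delta)
    vault.receive_transfer(transfer)
    return vault.get_reward("user", pending_yield)


if __name__ == "__main__":
    print("whole balance:", minted_after_unsolicited_transfer(False, 1_000_000, 100))
    print("balance delta:", minted_after_unsolicited_transfer(True, 1_000_000, 100))
```

With the delta check, tokens that arrive outside the harvest stay in the wallet unaccounted and never reach the profit or mint calculation.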
As I said in previous posts like this, there aren't any excuses for such bad code. Developers need to follow Twitter/Telegram groups or any crypto news outlets that cover smart contract exploits. PancakeBunny was forked a few times, and the code has already been exploited a few times. There are small variations between the hacks, but the core issue is the same.
If you fork a protocol and don't pause the contracts after the original is hacked, and you don't want to do proper checks and perform an audit, all the blame is on you.
Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter as I’m currently in the middle of 100 days of blogging challenge.
If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.
See you tomorrow!