Fairyproof’s Analysis of Exploitation on Brinc Finance
Brinc Finance, a bonding curve token protocol deployed on Ethereum, was exploited at 01:59:04 AM +UTC on Dec-14-2021.
Here is the basic info about this incident:
The root cause of this incident was that the admin’s private key was compromised. The key was then used to transfer ownership of the staking contract to the attacker’s address 0x6B0b61323F6d77ef8A1a35D11FA877631d8f67Bb.
The attacker then upgraded the staking contract to a new implementation deployed at 0x1ec83036a1dbbd6e001bb216e31b8a259ebd8f3d. In this new contract, a rescueTokens function was inserted. The rescueTokens function had an onlyOwner modifier, which allowed only the owner to call it.
Here is the function’s code:
function rescueTokens(address to, IERC20Upgradeable token) public onlyOwner {
    uint bal = token.balanceOf(address(this));
    require(bal > 0);
    token.transfer(to, bal);
}
Then the “owner” at 0x43e0Acd5314D0B8BCf34d45Fc9F5B8eA2DD403b9 could arbitrarily transfer tokens out of the staking contract. Nearly 14.3 million BRCs and 3.2 million gBRCs were taken out of the contract. 14.3 million BRCs were converted to 927,000 DAIs. 3.2 million gBRCs were converted to 176,000 DAIs via Sushi.
1.1 million DAIs were converted to 290.6 ETHs via MetaMask’s swap router.
Fairyproof would like to reiterate that it is highly recommended to use a multi-sig wallet to manage access control.
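The sequence described above (ownership transfer, implementation upgrade, token outflow) can be watched for in decoded event logs. The following Python is an added example, not code from Fairyproof or Brinc Finance. It assumes OpenZeppelin-style OwnershipTransferred and Upgraded events; the staking, token, recipient, multi-sig and first-implementation addresses are placeholders because the page does not give them, and the block numbers and amount are constructed.

```python
# Added example: triage decoded logs for the owner-change -> upgrade -> drain sequence.
# Assumes OpenZeppelin-style event names; placeholders stand in for values not on the page.
STAKING = "0xSTAKING_PROXY_PLACEHOLDER"
TRUSTED_OWNERS = {"0xMULTISIG_PLACEHOLDER"}   # hypothetical allowlist of approved owners
TRUSTED_IMPLS = {"0xIMPL_V1_PLACEHOLDER"}     # hypothetical allowlist of audited implementations
WINDOW = 50                                   # blocks after a privileged change to watch outflows

# Constructed sample: two addresses come from the write-up, blocks and amount are invented.
SAMPLE = [
    {"block": 100, "contract": STAKING, "event": "OwnershipTransferred",
     "args": {"newOwner": "0x6B0b61323F6d77ef8A1a35D11FA877631d8f67Bb"}},
    {"block": 104, "contract": STAKING, "event": "Upgraded",
     "args": {"implementation": "0x1ec83036a1dbbd6e001bb216e31b8a259ebd8f3d"}},
    {"block": 106, "contract": "0xBRC_TOKEN_PLACEHOLDER", "event": "Transfer",
     "args": {"from": STAKING, "to": "0xRECIPIENT_PLACEHOLDER", "value": 14_300_000}},
]

def detect(events, staking=STAKING, owners=TRUSTED_OWNERS, impls=TRUSTED_IMPLS, window=WINDOW):
    """Return (severity, block, message) alerts for unapproved privileged changes
    on the staking contract and for token outflows that follow them."""
    staking = staking.lower()
    owners = {a.lower() for a in owners}
    impls = {a.lower() for a in impls}
    alerts, last_change = [], None
    for ev in sorted(events, key=lambda e: e["block"]):
        name, args = ev["event"], ev["args"]
        if ev["contract"].lower() == staking:
            if name == "OwnershipTransferred" and args["newOwner"].lower() not in owners:
                alerts.append(("HIGH", ev["block"], "owner set to unapproved " + args["newOwner"]))
                last_change = ev["block"]
            elif name == "Upgraded" and args["implementation"].lower() not in impls:
                alerts.append(("HIGH", ev["block"], "upgraded to unapproved " + args["implementation"]))
                last_change = ev["block"]
        elif name == "Transfer" and args["from"].lower() == staking:
            # Outflows are normal for staking; they only escalate after an unapproved change.
            if last_change is not None and ev["block"] - last_change <= window:
                alerts.append(("CRITICAL", ev["block"],
                               f"{args['value']} tokens left staking contract after privileged change"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```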