Fairyproof’s Analysis of the Attack on Titano Finance
Starting from February 10, 2022, Titano Finance, a DeFi application, was attacked.
Here is the detailed information:
The attacker’s address was 0xAd9217e427ed9df8A89E582601a8614FD4F74563 on BSC.
The funds used to pay gas for the attack came from Tornado.Cash.
The transaction of the attack can be viewed at https://bscscan.com/tx/0xeed5ed92592b16460948d2627b59861e3d97c6d32eded17feb4352d537094187 .
The attacking process is as follows:
On Feb-10-2022 06:47:46 PM +UTC, the attacker at 0xAd9217e427ed9df8A89E582601a8614FD4F74563 on BSC deployed a contract “MultipleWinnersProxyFactory” at 0x940151F5BbbCDA5B1b482592D816e96f80d6073a on BSC.
Soon after that, i.e., on Feb-10-2022 06:48:04 PM +UTC, the attacker deployed another contract “MultipleWinnersBuilder” at 0x1866207c355d4c6e0B03B4dC0Bf9c658f4D13F8a on BSC.
On Feb-14-2022 04:36:21 AM +UTC, the attacker called the createMultipleWinnersFromExistingPrizeStrategy function of the MultipleWinnersBuilder contract to create a MultipleWinners contract at 0x49D078d25b08f2731cBf5AF8e8CDF1eA3E0a2046 on BSC.
The attacker then copied the states and data stored in Titano’s MultipleWinners contract at 0x5739f9f8c9fc9854a5b6f3667a6fb14144dc40a7 on BSC to the MultipleWinners contract at 0x49D078d25b08f2731cBf5AF8e8CDF1eA3E0a2046 on BSC.
Now the MultipleWinners contract created by the attacker had exactly the same states as the MultipleWinners contract deployed by the Titano team.
Around five minutes later, i.e., on Feb-14-2022 04:41:51 AM +UTC, the attacker called the _awardTickets function of the contract deployed at 0x49D078d25b08f2731cBf5AF8e8CDF1eA3E0a2046 on BSC to mint an additional 32 million TickTitanos.
Around eight minutes later, i.e., on Feb-14-2022 04:49:09 AM +UTC, the attacker called the withdrawInstantlyFrom function of the contract deployed at 0x4d7f0a96967dce1e36dd2fbb131625bbd9106442 on BSC to burn 1 million TickTitanos and obtain 1 million TITANOs.
The attacker repeated the above steps and obtained seven further amounts in succession: 5 million TITANOs, 5 million TITANOs, 5 million TITANOs, 5 million TITANOs, 5 million TITANOs, 5 million TITANOs, and 0.43 million TITANOs. The total is 30.43 million TITANOs.
Ultimately, the TITANOs obtained in this way were swapped for BNB and withdrawn.
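The timeline above suggests two monitoring checks a protocol team could run over its own transaction history: a ticket-minting function executing on a contract other than the prize pool's configured prize strategy, and a burst of instant withdrawals by a single account within a short window. The Python below is an added illustration and is not part of Fairyproof's report or Titano's code. The addresses and the four dated transactions are taken from the report; the record layout, the two-minute spacing assumed for the repeat withdrawals (the report gives no times for them), and the 15-minute window and 10 million threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Call:
    ts: datetime      # UTC timestamp of the transaction
    caller: str       # externally owned account that sent it
    contract: str     # contract the function was executed on
    func: str         # function name
    amount: int = 0   # whole tokens involved, 0 where not applicable


# Addresses as given in the report above.
ATTACKER = "0xAd9217e427ed9df8A89E582601a8614FD4F74563"
BUILDER = "0x1866207c355d4c6e0B03B4dC0Bf9c658f4D13F8a"
ATTACKER_MW = "0x49D078d25b08f2731cBf5AF8e8CDF1eA3E0a2046"
TITANO_MW = "0x5739f9f8c9fc9854a5b6f3667a6fb14144dc40a7"
WITHDRAW_TARGET = "0x4d7f0a96967dce1e36dd2fbb131625bbd9106442"

MINT_FUNCS = {"_awardTickets"}
WITHDRAW_FUNC = "withdrawInstantlyFrom"


def _t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


# Constructed timeline. The first three entries carry the report's timestamps;
# the seven repeat withdrawals are assumed to be two minutes apart.
FIRST_WITHDRAWAL = _t("2022-02-14 04:49:09")
TIMELINE: List[Call] = [
    Call(_t("2022-02-14 04:36:21"), ATTACKER, BUILDER,
         "createMultipleWinnersFromExistingPrizeStrategy"),
    Call(_t("2022-02-14 04:41:51"), ATTACKER, ATTACKER_MW, "_awardTickets", 32_000_000),
    Call(FIRST_WITHDRAWAL, ATTACKER, WITHDRAW_TARGET, WITHDRAW_FUNC, 1_000_000),
] + [
    Call(FIRST_WITHDRAWAL + timedelta(minutes=2 * i), ATTACKER, WITHDRAW_TARGET,
         WITHDRAW_FUNC, amt)
    for i, amt in enumerate([5_000_000] * 6 + [430_000], start=1)
]


def unexpected_minters(calls: List[Call], expected_strategy: str) -> List[str]:
    """Contracts on which a ticket-minting function ran that are not the
    prize strategy the team actually configured (case-insensitive compare)."""
    return sorted({c.contract for c in calls
                   if c.func in MINT_FUNCS
                   and c.contract.lower() != expected_strategy.lower()})


def largest_withdrawal_burst(calls: List[Call],
                             window: timedelta = timedelta(minutes=15)
                             ) -> Dict[str, Tuple[datetime, datetime, int]]:
    """For each caller, the largest total of instant withdrawals falling
    inside any window of the given length: {caller: (start, end, total)}."""
    per_caller: Dict[str, List[Call]] = {}
    for c in sorted(calls, key=lambda c: c.ts):
        if c.func == WITHDRAW_FUNC:
            per_caller.setdefault(c.caller, []).append(c)
    result = {}
    for caller, seq in per_caller.items():
        best = (seq[0].ts, seq[0].ts, 0)
        i = 0  # left edge of the sliding window
        for j, cur in enumerate(seq):
            while cur.ts - seq[i].ts > window:
                i += 1
            total = sum(x.amount for x in seq[i:j + 1])
            if total > best[2]:
                best = (seq[i].ts, cur.ts, total)
        result[caller] = best
    return result


def report(calls: List[Call], expected_strategy: str,
           threshold: int = 10_000_000) -> List[str]:
    """Human-readable alerts for both checks."""
    alerts = [f"mint from unexpected contract {c}"
              for c in unexpected_minters(calls, expected_strategy)]
    for caller, (start, end, total) in largest_withdrawal_burst(calls).items():
        if total >= threshold:
            alerts.append(f"{caller} withdrew {total:,} tokens between {start} and {end}")
    return alerts


if __name__ == "__main__":
    for line in report(TIMELINE, TITANO_MW):
        print(line)
```

With a 15-minute window, all eight withdrawals in the constructed timeline fall into one burst, so the second alert reports the full amount rather than any single withdrawal; a real deployment would read the configured strategy address from the prize pool on chain instead of a constant.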