Critical Vulnerability in BSC Contract Triggers $100,000 Loss

BlockSec Phalcon, the security platform of the renowned auditing firm BlockSec, recently reported on X network the discovery of a sophisticated attack against an unknown contract deployed on the BSC chain. The malicious operation resulted in the theft of approximately $100,000, exposing a fundamental flaw in the synchronization mechanism of the token pair burn protocol.

Protocol Architecture: Where the Vulnerability Resides

According to the analysis shared by Odaily, the root of the problem lies in the design of the liquidity burn system. The vulnerability is not simply due to faulty code, but in an architecture that allows cascading manipulations. The protocol implemented a synchronization function that, although intended to maintain pair balance, ended up being the weak point of the contract.

The mechanism was programmed to automatically destroy significant percentages of tokens during swap operations, under the belief that this action would protect the fund. However, this same feature became the tool the attacker used to their advantage.

Execution in Two Phases: The Anatomy of the Attack

The exploiter took advantage of the vulnerability through an arbitrage strategy executed in two consecutive operations. In the first phase, during an initial swap, they managed to extract 99.56% of the PGNLZ tokens from the liquidity pool. This action alone should have triggered security mechanisms, but the architecture allowed it to continue.

In the second phase, the attacker performed a PGNLZ sale operation that automatically activated the contract’s transferFrom function. This function, as designed, proceeded to destroy 99.9% of the remaining PGNLP tokens and executed a forced synchronization. This is where the vulnerability showed its full extent: the mass burn of PGNLP caused an artificial increase in the token’s relative price, manipulating the fund’s value metrics.

Attacker’s Gain: Exploiting Manipulated Prices

Taking advantage of the price distortion caused by token synchronization and burning, the exploiter executed their final move. With the manipulated price in their favor, they managed to withdraw almost all of the USDT remaining in the fund, completing the chain of events that resulted in a total loss of $100,000.

Implications for the BSC Ecosystem

This incident highlights a recurring pattern in smart contract vulnerabilities: the convergence of seemingly independent mechanisms can create unforeseen attack vectors. Developers operating on the BSC chain and designing protocols with burn functions should reconsider how these interact with synchronization operations and fund transfers, implementing additional validations to break these exploitation chains.