Stake319 contract 0xedD632eAf3b57e100aE9142e8eD1641e5Fd6b2c0 on BNB Chain was drained in transaction 0x679028cb0a5af35f57cbea120ec668a5caf72d74fcc6972adc7c75ef6c9a9092 at block 43860720. The attacker deployed a short-lived helper contract whose constructor immediately called claimEther(attacker, 20850000000000000000), causing Stake319 to transfer out its full 20.85 BNB native balance.
The root cause is a missing authorization check on claimEther(address,uint256). Other privileged paths in the same bytecode compare CALLER against storage slot 0x05 and revert with the message "no permissions", but the claimEther dispatch path reaches jump destination 0x0692 and executes a raw native CALL with an attacker-controlled recipient and amount, without performing that operator check.
Stake319 is an ERC20-like contract with name Stake 319 and symbol Stake319, but the incident concerns native BNB held directly by the contract rather than ERC20 balances. The contract maintains an operator address in storage slot 0x05, and adjacent privileged functions enforce that only this operator may execute administrative actions.
The critical distinction is that Stake319 had at least two different styles of privileged logic in the live bytecode:
- 0x048b and 0x051f load slot 0x05, compare it to CALLER, and revert with "no permissions" when the caller is unauthorized.
- The claimEther path at selector 0xbfcf63b0 does not perform that check and instead directly forwards value to an arbitrary recipient.
At pre-state block 43860719, Stake319 held exactly 20850000000000000000 wei and operator() returned 0x72Dca87c7d82bF16CFfC58cfED2462528045dbA8. A pre-state permissionless simulation from arbitrary address 0x1111111111111111111111111111111111111111 successfully executed claimEther(0x000000000000000000000000000000000000dEaD, 1), establishing that exploitability was public and permissionless before the observed attack.
This is an ATTACK-class ACT incident caused by missing authorization on a treasury-withdrawal function. The intended invariant is straightforward: only Stake319's configured operator should be able to move native BNB out of the contract. The live bytecode breaks that invariant because the dispatcher route for selector 0xbfcf63b0 enters jump destination 0x0692 and proceeds directly to a value-bearing CALL.
The collected disassembly excerpt shows the contrast clearly. The guarded path contains:
0000048b: JUMPDEST
0000048c: PUSH1 0x05
0000048e: SLOAD
...
00000498: CALLER
00000499: EQ
...
000004b8: PUSH14 0x6e6f207065726d697373696f6e73
The vulnerable withdrawal path instead contains:
00000692: JUMPDEST
...
000006af: DUP6
000006b0: DUP9
000006b1: DUP9
000006b2: CALL
Because claimEther accepts both recipient and amount from calldata and omits the operator gate, any unprivileged caller can drain any native BNB currently held by the contract. The exploit requires no private state, no privileged credential, and no attacker-specific artifact beyond a standard transaction.
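An added example, not part of the original report or the contract's code: a Python heuristic that reads a disassembly listing in the format quoted above and flags any CALL that is not preceded by the operator gate (SLOAD of slot 0x05, CALLER, EQ). GUARDED and VULNERABLE are the report's two excerpts; HARDENED and its offset are constructed, and the function names are hypothetical.

```python
import re

# Listing lines in the report's format, e.g. "0000048c: PUSH1 0x05"; "..." lines are elisions.
LINE = re.compile(r"^\s*([0-9a-fA-F]+):\s+(\w+)(?:\s+0x([0-9a-fA-F]+))?\s*$")
OPERATOR_SLOT = 0x05  # storage slot the report identifies as the operator address

def parse(listing):
    """Return [(offset, opcode, operand_hex_or_None)], skipping elision lines."""
    return [(int(m[1], 16), m[2].upper(), m[3]) for m in map(LINE.match, listing.splitlines()) if m]

def unguarded_calls(listing, slot=OPERATOR_SLOT):
    """Offsets of CALLs with no gate earlier in the same JUMPDEST-delimited run.
    Heuristic: no CFG; any CALL counts as possibly value-bearing; gate = SLOAD(slot), CALLER, EQ."""
    findings, last_push, seen_slot, seen_caller, gated = [], None, False, False, False
    for offset, op, operand in parse(listing):
        if op == "JUMPDEST":
            seen_slot = seen_caller = gated = False   # new path entry: forget earlier gate
        elif op == "SLOAD" and last_push == slot:
            seen_slot = True                          # operator slot loaded
        elif op == "CALLER":
            seen_caller = True                        # msg.sender pushed
        elif op == "EQ" and seen_slot and seen_caller:
            gated = True                              # comparison performed
        elif op == "CALL" and not gated:
            findings.append(offset)
        last_push = int(operand, 16) if op.startswith("PUSH") and operand else None
    return findings

# The two disassembly excerpts quoted in the report.
GUARDED = """\
0000048b: JUMPDEST
0000048c: PUSH1 0x05
0000048e: SLOAD
...
00000498: CALLER
00000499: EQ
...
000004b8: PUSH14 0x6e6f207065726d697373696f6e73
"""
VULNERABLE = """\
00000692: JUMPDEST
...
000006af: DUP6
000006b0: DUP9
000006b1: DUP9
000006b2: CALL
"""
# Constructed sample (offset invented): the same gate followed by a CALL.
HARDENED = GUARDED + "00000500: CALL\n"
```

Because the scan resets at every JUMPDEST, a gate that lives in a separate basic block from the CALL is reported for manual review rather than silently accepted.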
The exploit path is deterministic from the collected seed artifacts.
First, the transaction metadata shows that EOA 0xe60329a82c5add1898ba273fc53835ac7e6fd5ca sent transaction 0x679028cb0a5af35f57cbea120ec668a5caf72d74fcc6972adc7c75ef6c9a9092 on chain 56, with to = null, meaning the transaction deployed a helper contract. The deployment input embeds the victim contract address and the encoded selector 0x0bfcf63b, which is the function identifier for claimEther(address,uint256).
Second, the execution trace shows the helper contract calling Stake319 and Stake319 forwarding the requested native value:
0xedD632eAf3b57e100aE9142e8eD1641e5Fd6b2c0::claimEther(0xe60329a82c5add1898ba273fc53835ac7e6fd5ca, 20850000000000000000)
...
CALL
The pre-state permissionless simulation independently proves that this was not a special property of the attacker helper. Before the exploit transaction, an arbitrary address was able to call the same function successfully:
0xedD632eAf3b57e100aE9142e8eD1641e5Fd6b2c0::claimEther(0x000000000000000000000000000000000000dEaD, 1)
├─ 0x000000000000000000000000000000000000dEaD::fallback{value: 1}()
└─ ← [Stop]
Transaction successfully executed.
That simulation is the ACT breakpoint. At block 43860719, the public pre-state already satisfied all exploit conditions:
- 20.85 BNB.
- claimEther(address,uint256).
- msg.sender.
Finally, the balance-diff artifact confirms the exact asset movement and net outcome:
{
  "address": "0xe60329a82c5add1898ba273fc53835ac7e6fd5ca",
  "before_wei": "98321998700000000",
  "after_wei": "20948078293700000000",
  "delta_wei": "20849756295000000000"
}
{
  "address": "0xedd632eaf3b57e100ae9142e8ed1641e5fd6b2c0",
  "before_wei": "20850000000000000000",
  "after_wei": "0",
  "delta_wei": "-20850000000000000000"
}
The missing authorization on claimEther is therefore the complete and sufficient root cause. No reentrancy, signature forgery, or external dependency failure is required to explain the incident.
The adversary execution flow is a single-transaction theft:
- 0xe60329a82c5add1898ba273fc53835ac7e6fd5ca observed that Stake319 held 20.85 BNB.
- 0x54588267066ddbc6f8dcd724d88c25e2838b6374.
- Stake319.claimEther(attacker, 20850000000000000000).
The core exploit transaction can be summarized from the trace and metadata as:
EOA 0xe60329...5ca
-> deploy helper 0x545882...6374
-> helper constructor
-> Stake319.claimEther(0xe60329...5ca, 20850000000000000000)
-> native CALL transferring 20.85 BNB to attacker
This is a canonical ACT pattern. The attacker did not rely on any secret, whitelist, or pre-existing privileged contract. The helper contract was merely a packaging convenience; the pre-state simulation shows an ordinary EOA call path also succeeds.
Stake319 lost its entire native treasury balance present at the exploit pre-state. The measured on-chain loss is:
- BNB: 20850000000000000000 wei (20.85 BNB)
The attacker EOA realized a net native balance increase of 20849756295000000000 wei after paying 243705000000000 wei in gas. The economic effect is therefore full depletion of the contract's native BNB holdings in a single transaction.
- 0x679028cb0a5af35f57cbea120ec668a5caf72d74fcc6972adc7c75ef6c9a9092
- 0xedD632eAf3b57e100aE9142e8eD1641e5Fd6b2c0
- 0xe60329a82c5add1898ba273fc53835ac7e6fd5ca
- 0x54588267066ddbc6f8dcd724d88c25e2838b6374
- claimEther
- 0x048b and 0x051f versus ungated claimEther path at 0x0692