We do not have a reliable USD price for the recorded assets yet.
0x5f2ea6cb43d14986188fa2f474d9e22502fa95cc76cab72cd6ba1ba146ed137f0x6e30c17d2554dca5a1ac178939764c6bf61ab95aBSC0xc75aa1fa199eac5adabc832ea4522cff6dfd521aBSCOn BSC block 83268463, transaction 0x5f2ea6cb43d14986188fa2f474d9e22502fa95cc76cab72cd6ba1ba146ed137f exploited HedgePay staking proxy 0x6e30c17d2554dca5a1ac178939764c6bf61ab95a. The adversary flash-borrowed HPAY, staked once, then invoked forceExit() 50 times via proxy fallback/delegatecall, repeatedly withdrawing the same principal-sized amount (1173986082679038090893617 HPAY each call). The drained HPAY was swapped through PancakeRouter and converted to BNB; net native gain at the attacker EOA was 26014028087022048755 wei after gas.
Root cause: implementation 0xBe189fe9f84cA531CD979630E1f14757b88dD80d allows repeated forceExit() payouts without consuming the recorded stake position, violating one-time/ bounded-withdrawal accounting.
0x6e30... is a transparent upgradeable proxy; trace shows delegatecalls into implementation 0xBe189f... for staking functions.0xc75aa1fa199eac5adabc832ea4522cff6dfd521a; the exploit path relies on real on-chain token transfers and swaps, not local mocks.0xf603ae6ef2bf30ec77539279efbe80e3e0e8e233, public proxy calls, public router swaps.This is an attack-class accounting flaw in staking exit logic. The vulnerable component is the staking implementation behind proxy 0x6e30..., specifically forceExit() (selector 0x67acc704) executed through delegatecall. Trace evidence shows one stake(...) call and then 50 forceExit() calls, each transferring the same HPAY amount from proxy treasury to attacker executor. The stake state is initialized during stake, but no corresponding state-consumption pattern is observed during repeated exits; instead, withdrawals keep succeeding until pool balance is depleted. This violates the invariant that cumulative exit payout for an account must not exceed recorded principal. Because the function is publicly callable and requires no privileged keys, any unprivileged actor can realize the opportunity when pool liquidity exists.
The exploit mechanism is fully observable in a single transaction trace:
0xBe189f...::stake(1197944982325549072340425) [delegatecall] // 1 time
0xBe189f...::forceExit() [delegatecall] // 50 times
Trace also shows the stake-position storage write on stake:
@ 0xfa485f000aae286e8df2ef850d48a6ed4147dd9dd894d02c294a211452ed475f:
0 -> 0x00000000000000000000000000000000000000000000f899e9bea7bd720f5931
Then each forceExit() performs the same payout-sized HPAY transfer:
HedgeToken::transfer(0x0dc0c0e040cadcc3855fa347daa192bc5fc9d6e8,
1173986082679038090893617)
emit Transfer(src: 0x6E30..., dst: 0x0dc0..., wad: 1173986082679038090893617)
Observed invariant break:
Measured outcome from balance diffs:
-57525318051272866453787233.+26014028087022048755 wei (net after gas).Exploit conditions (ACT-realizable):
forceExit() is publicly reachable and does not enforce one-time principal consumption.Security principles violated:
Transaction: 0x5f2ea6cb43d14986188fa2f474d9e22502fa95cc76cab72cd6ba1ba146ed137f (BSC 56, block 83268463).
0x734e1bda62e779878f6c6f9f42d793badf247244 initiates exploit deployment/execution (0xcabba5..., 0x0dc0...).0xf603....1197944982325549072340425 HPAY via proxy.forceExit() 50 times (delegatecall into 0xBe189f...).1173986082679038090893617 HPAY from proxy to executor.0x10ed43c718714eb63d5aa57b78b54704e256024e.26014224201105944931 wei before fee accounting; net native delta at EOA is 26014028087022048755 wei.Adversary-related accounts:
0x734e1bda62e779878f6c6f9f42d793badf247244 (EOA sender and profit recipient)0xcabba5f0d9911d46010d50a0f6d8bafa2b019114 (orchestrator contract)0x0dc0c0e040cadcc3855fa347daa192bc5fc9d6e8 (primary exploit executor)Primary deterministic loss:
0xc75aa1fa199eac5adabc832ea4522cff6dfd521a)0x6e30c17d2554dca5a1ac178939764c6bf61ab95a57525318051272866453787233 HPAY unitsProfit realization:
26014028087022048755 wei BNB (after gas).0x5f2ea6cb43d14986188fa2f474d9e22502fa95cc76cab72cd6ba1ba146ed137fartifacts/collector/seed/56/0x5f2ea6cb43d14986188fa2f474d9e22502fa95cc76cab72cd6ba1ba146ed137f/trace.cast.logartifacts/collector/seed/56/0x5f2ea6cb43d14986188fa2f474d9e22502fa95cc76cab72cd6ba1ba146ed137f/balance_diff.jsonartifacts/collector/seed/56/0x5f2ea6cb43d14986188fa2f474d9e22502fa95cc76cab72cd6ba1ba146ed137f/metadata.jsonroot_cause.json