WXC Pair Burn Drain

1. Incident Overview TL;DR

An unprivileged attacker exploited WXC on BNB Chain in tx 0x1397bc7f0d284f8e2e30d0a9edd0db1f3eb0dd284c75e30d226b02bf09ad068f by combining a public 49.15 WBNB Moolah flash loan with WXC's sell path. The critical flaw is that WXC's transfer logic is allowed to burn tokens from the WXC/WBNB Pancake pair itself and then force the pair to adopt the manipulated balance via sync(). That let the attacker collapse the pair's WXC reserve and then extract almost all WBNB from the pool, ending with 37.553707799191219441 WBNB-equivalent net profit after gas.

2. Key Background

WXC is the proxy token at 0x8087720eeea59f9f04787065447d52150c09643e, delegating to implementation 0x4c100d30d9c511b8bb9d1c951bbc1be489a0172f. The exploited public market is the Pancake pair 0xda5c7ea4458ee9c5484fa00f2b8c933393bac965 against WBNB 0xbb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c. The attacker used helper contract 0x798465b25b68206370d99f541e11eea43288d297, created by EOA 0x476954c752a6ee04b68382c97f7560040eda7309, and sourced temporary capital from the public Moolah flash-loan contract 0x8f73b65b4caaf64fba2af91cc5d4a2a1318e5d8c.

3. Vulnerability Analysis & Root Cause Summary

The root cause is not a router issue or a flash-loan issue; it is WXC mutating AMM state from inside token transfer logic. During the sell path, WXC emits two Transfer(pair, zero, burnAmount) burns from the pair address itself and then calls the pair's sync() function. That sequence lets a normal seller rewrite the pair's effective reserve before Pancake's final price calculation completes. The trace shows the pair reserve moving from 70665245821838373169270717 WXC and 86951305430561407603 WBNB to 199903442675259351470152 WXC and the same WBNB reserve immediately after the forced sync. Once that distorted reserve state exists, the following swap can legitimately pull 86704715963191219440 WBNB from the pool. The violated invariant is that token transfer hooks must never arbitrarily reduce pair inventory and then force AMM reserves to accept that manipulated balance.

4. Detailed Root Cause Analysis

The exploit transaction begins when the attacker EOA calls helper 0x798465b25b68206370d99f541e11eea43288d297, which then borrows 49150000000000000000 WBNB from Moolah. The helper uses the WXC/WBNB Pancake pair to buy 74963130190599057252979324 WXC, confirmed by receipt Transfer logs from the pair to the helper and the trace's first Swap.

The decisive behavior appears when the helper sells WXC back through Pancake Router. In the trace, WXC emits SellTransaction, two pair-originated burns of 70465342379163113817800565 WXC each, and custom event topic 0x8745314a2adca1c16495e5b0359e3085ce9a38f6bfb53a6ef287c6997c785344. Immediately afterward the trace records:

emit Sync(reserve0: 199903442675259351470152, reserve1: 86951305430561407603)

That reserve collapse is the exploit breakpoint. The pair now believes almost all WXC liquidity disappeared while its WBNB side remained intact. The next Pancake pair swap therefore transfers out:

emit Transfer(src: PancakePair, dst: 0x798465B25B68206370D99f541e11EEA43288D297, wad: 86704715963191219440)
emit Sync(reserve0: 70665245821838373169270717, reserve1: 246589467370188163)

The helper repays the flash loan principal to Moolah inside the same transaction and then forwards 37554715963191219441 WBNB to the attacker EOA. With gas cost of 1008164 gas at 1 gwei, the measured net attacker gain is 37553707799191219441 WBNB-equivalent. The loss source is the WXC/WBNB pair, whose WBNB balance fell from 42149274186936587003 to 246589467370188163.

5. Adversary Flow Analysis

The attacker lifecycle has two on-chain stages before profit realization. First, the attacker EOA created helper contract 0x798465b25b68206370d99f541e11eea43288d297 in tx 0xeb1cacfd6a1ed67d599144dc74269afad7e06eaf7607d628e196c20e0e103791; the creation record directly links that helper to the same EOA that later sent the exploit transaction. Second, in the exploit tx, the helper borrowed WBNB from Moolah, bought WXC from the public pair, triggered WXC's sell path through Pancake Router, let WXC burn pair-held supply and sync the pair, drained WBNB using the distorted reserve ratio, repaid Moolah, and paid the remaining WBNB to the EOA.

The core on-chain sequence is visible in the seed trace:

Moolah::flashLoan(...)
PancakePair::swap(..., 74963130190599057252979324 WXC, ..., data=0x01)
PancakeRouter::swapExactTokensForTokensSupportingFeeOnTransferTokens(...)
WXC sell path burns pair-held WXC twice and calls sync()
PancakePair::swap(0, 86704715963191219440 WBNB, attackerHelper, 0x)
WBNB::transfer(Moolah, 49150000000000000000)
WBNB::transfer(attackerEOA, 37554715963191219441)

This is ACT because every step uses public contracts, public liquidity, and a public flash-loan entrypoint. No privileged role, whitelist bypass, attacker-only artifact, or private orderflow is required.

6. Impact & Losses

The direct victim is the WXC/WBNB Pancake pair 0xda5c7ea4458ee9c5484fa00f2b8c933393bac965. Its WBNB holdings dropped by 41902684719566398840 wei, or 41.902684719566398840 WBNB. The attacker EOA realized 37.553707799191219441 WBNB-equivalent net profit after gas, while 4347968756375179399 wei of WBNB was routed to token-side fee recipient 0x27391d90ff854bb8d0cc56c0a17f884f9a31c8ab during the exploit path.

7. References

• Exploit tx: 0x1397bc7f0d284f8e2e30d0a9edd0db1f3eb0dd284c75e30d226b02bf09ad068f
• Helper creation tx: 0xeb1cacfd6a1ed67d599144dc74269afad7e06eaf7607d628e196c20e0e103791
• WXC proxy: 0x8087720eeea59f9f04787065447d52150c09643e
• WXC implementation: 0x4c100d30d9c511b8bb9d1c951bbc1be489a0172f
• WXC/WBNB pair: 0xda5c7ea4458ee9c5484fa00f2b8c933393bac965
• Moolah flash-loan contract: 0x8f73b65b4caaf64fba2af91cc5d4a2a1318e5d8c
• Evidence sources: seed trace, exploit receipt logs, implementation runtime disassembly, and helper creation record collected under the session artifacts