All incidents
Loading report...
Overview
Code Analysis
Execution Trace
Root Cause Analysis
Rendering incident details
0xe1e7fa81c3761e2698aa83e084f7dd4a1ff907bcfc4a612d54d92175d4e8a28b0x04227350eda8cb8b1cfb84c727906cb3ccbff547BSC0x38231f8eb79208192054be60cb5965e34668350aBSCOn BSC block 48415276, transaction 0xe1e7fa81c3761e2698aa83e084f7dd4a1ff907bcfc4a612d54d92175d4e8a28b used a public USDT flash loan, 66 attacker-controlled helper addresses, and the live YB/USDT Pancake V2 pool to extract 26.229577432433534433 WBNB-equivalent profit. The attacker first bought YB through many sub-cap recipients, consolidated the tokens into one orchestrator contract, and then sold in repeated chunks. During each sell, YB's own token logic removed additional YB from the pair and called sync(), so the AMM reserves were updated to an attacker-improved price before the unwind finished.
The root cause is an application-level attack in YB's verified token code. YB violates the AMM reserve model by mutating the pair balance from inside the token sell hook, and its anti-whale checks only constrain the immediate buy recipient. Because both weaknesses are reachable by any unprivileged actor using public contracts and public liquidity, the incident is a deterministic ACT opportunity.
The victim token is YB at 0x04227350eda8cb8b1cfb84c727906cb3ccbff547, traded against USDT in Pancake pair 0x38231f8eb79208192054be60cb5965e34668350a. The exploit was funded by public flash liquidity from Pancake V3 pool 0x36696169c63e42cd08ce11f5deebbcebae652050.
Pancake V2 style pairs assume reserve changes happen only through pair-controlled actions such as mint, burn, swap, skim, and sync. A token contract is not supposed to silently debit tokens from the pair during an ordinary user transfer and then force a reserve refresh. If that happens, the pair's price can be shifted without the normal AMM accounting path.
YB adds custom buy and sell logic on top of ERC-20 transfers. The relevant pre-state checks are still active before the exploit:
assertEq(IYB(YB).maxBuyAmount(), 5e18);
assertEq(IYB(YB).maxWalletAmount(), 5e18);
assertEq(IYB(YB)._sellRate(), 1000);
assertEq(IYB(YB)._sellBurnRate(), 10000);
Those values matter because they show the attacker did not rely on a post-incident configuration change. The exploitable sell hook and the weak recipient-only buy limits were already live in the public pre-state at block 48415275.
The core safety invariant is straightforward: a user sell into the YB/USDT pair must not gain pricing power by having YB token code arbitrarily remove inventory from the pair outside the pair's own swap accounting. YB breaks that invariant in its sell-side transfer hook.
The first weakness is the buy-limit design. In YB's _transfer logic, the max-buy and max-wallet checks only apply when the direct sender is a swap pair and only against the immediate recipient address:
if (_swapPairList[from]) {
require(amount <= maxBuyAmount, "ERC20: > max tx amount");
require(amount.add(balanceOf(to)) <= maxWalletAmount, "ERC20: > max wallet amount");
}
That means a strategy using many helper addresses can receive many independent sub-cap buys and then consolidate the balances afterward with ordinary token transfers or transferFrom.
The second weakness is the actual exploit primitive. In the sell path, _tokenTransfer computes an extra contractSellAmount proportional to the user's sale and routes it into swapTokenForFund. Inside swapTokenForFund, YB directly debits the pair and synchronizes reserves:
_standTransfer(
_mainPair,
address(0xdead),
(contractSellAmount * _sellBurnRate) / 10000
);
ISwapPair(_mainPair).sync();
Because _sellBurnRate is 10000, the full computed amount is removed from the pair on each sell chunk. This shrinks the pair's YB reserve without a matching USDT flow through the pair's normal invariant path, causing the pair price to ratchet upward during the attacker unwind.
The exploit starts from public state. The seed metadata shows the attacking EOA 0x00000000b7da455fed1553c4639c4b29983d8538 submitted transaction 0xe1e7fa81... to orchestrator contract 0xbdcd584ec7b767a58ad6a4c732542b026dceaa35. The seed trace shows the flash-loan funding step directly:
emit Transfer(
from: 0x36696169C63e42cd08ce11f5deeBbCeBae652050,
to: 0xBDCD584eC7B767A58Ad6A4C732542b026DCEAa35,
value: 19200000000000000000000
)
With that USDT, the orchestrator bought YB repeatedly through helper addresses. The trace contains 66 YB approval events from helper contracts back to the orchestrator, confirming the multi-address accumulation phase that bypassed the recipient-only cap logic.
Once YB was consolidated, the orchestrator sold in repeated chunks. Each chunk triggered the sell hook, which pulled extra YB inventory out of the pair and then forced a reserve sync. The end of the seed trace shows the manipulated reserve state after the unwind:
emit Sync(reserve0: 186441473384874340234, reserve1: 24708902542404938432013)
emit Swap(sender: 0xBDCD584eC7B767A58Ad6A4C732542b026DCEAa35, amount0In: 2095269242820732082, amount1In: 0, amount0Out: 0, amount1Out: 280137984139662868580, to: 0xBDCD584eC7B767A58Ad6A4C732542b026DCEAa35)
The balance-diff artifact independently confirms the pair distortion. The YB/USDT pair's USDT balance rose from 17364369963469449701778 to 24708902542404938432013, while the YB reserve observed in the trace finished far below the pre-state level. The attacker then repaid the flash loan and converted the residual proceeds into WBNB.
The realized profit is also evidence-backed. The seed balance diff records that the attacker EOA's native gas cost was 22349241720000000 wei and that the final net extracted value was 26229577432433534433 units of WBNB, matching the impact section in root_cause.json.
The attacker cluster consists of:
0x00000000b7da455fed1553c4639c4b29983d8538, which submitted the transaction and received final profit.0xbdcd584ec7b767a58ad6a4c732542b026dceaa35, which handled the flash loan, swaps, consolidation, repayment, and realization.0xd38c3a8930e20c141a00dd06ecbeea91e3d4ae9f, which each received one capped YB buy and later approved the orchestrator to collect the balance.The execution flow is:
19,200 USDT from Pancake V3 flash pool 0x36696169c63e42cd08ce11f5deebbcebae652050.5e18 max-buy and max-wallet checks.sync().This is fully permissionless. No privileged keys, private order flow, or attacker-specific incident artifacts are required to realize the same behavior from the public pre-state.
The measurable loss is 26229577432433534433 raw WBNB units, which is 26.229577432433534433 WBNB at 18 decimals. The affected venue is the public YB/USDT Pancake pair, so the loss is borne by liquidity in that market rather than by a privileged treasury-only balance.
{
"token_symbol": "WBNB",
"amount": "26229577432433534433",
"decimal": 18
}
The exploit also demonstrates that YB's anti-whale controls did not materially constrain adversarial accumulation. They only changed the shape of the attack by forcing the attacker to distribute buys across helper addresses before consolidation.
0xe1e7fa81c3761e2698aa83e084f7dd4a1ff907bcfc4a612d54d92175d4e8a28b0x00000000b7da455fed1553c4639c4b29983d85380xbdcd584ec7b767a58ad6a4c732542b026dceaa350x04227350eda8cb8b1cfb84c727906cb3ccbff5470x38231f8eb79208192054be60cb5965e34668350a0x36696169c63e42cd08ce11f5deebbcebae652050artifacts/collector/seed/56/0x04227350eda8cb8b1cfb84c727906cb3ccbff547/src/Contract.solartifacts/collector/seed/56/0xe1e7fa81c3761e2698aa83e084f7dd4a1ff907bcfc4a612d54d92175d4e8a28b/trace.cast.logartifacts/collector/seed/56/0xe1e7fa81c3761e2698aa83e084f7dd4a1ff907bcfc4a612d54d92175d4e8a28b/balance_diff.json