Calculated from recorded token losses using historical USD prices at the incident time.
0x225dA3D879D379FF6510C1CC27Ac8535353f501FBase0x02271c7e1a27bb1a32b5b9cbbe206a6b6ebae1a6Base0x088022cb6b1925aece7d5b5a88a31b7acf28bd55Base0x0b48d1079f877ba3bf38ad9fa1f82a1b563597c4Base0x0de6506f5a746cbc8dd6ffc8938abb11351ac982Base0x0e934d350d86a96e5fce518fb6864def3c23f5c4Base0x0eb8043780e1e8b3c06c50d1ef0af7bdd4e2414eBase0x166498c6306c97ae461eda6604d8b720e096cd1aOn Base, MoltEVM deployed a root token at 0x225dA3D879D379FF6510C1CC27Ac8535353f501F and seeded a public Aerodrome WETH pool at 0x064c9fbed2cce0fdc3600777492bc0413b2cf95e. After that pool was live, attacker EOA 0x4c452e829748e34e11d010e338596433d638f03c repeatedly deployed helper contracts that pretended to be legitimate spawners, invoked privileged MoltEVM mint/exemption hooks, minted arbitrary balances, and dumped the fabricated supply into public liquidity for ETH. The first observed exploit transaction was 0x90f5ff5f6b849e534b40d04dcf37460f49d2314a920beadedd993a8ef43a4e8c at block 43018100; the same primitive was then repeated across the root token and spawned token instances in 10 additional adversary-crafted transactions.
The root cause is a broken authorization check. onlySpawnerToken does not bind privilege to a trusted spawner address. Instead, it accepts any contract caller whose initialized() view returns true, which any attacker can satisfy with a trivial helper contract. The zero-value calldata transaction 0xf328e1ec78806f6e5d556b0366004fe1868f4ac72c17419c6ca6469156aa3c77 from the genesis deployer to the attacker happened later and is not the exploit itself.
MoltEVM is a token system that can spawn additional token instances which inherit the same spawner-only administrative surface. The root token and spawned instances can each have public Aerodrome pools, so any unauthorized mint can be monetized immediately by swapping the fabricated tokens for WETH/ETH through the public router at 0xcF77a3Ba9A5CA399B7c97c74d54e5b1Beb874E43.
0xac779e88faa54dc96ddfea73bbc16bbe90dd307862a1262d5d6b32be3d6de9510x10b7ec56e852351de4951ab2a91fca4099fc4f385dd2171951476c3d497fe03d0x5483edd9d5537823e61f705b4e1618954f11c23572a5b0ead3bf8246b5673e790xdd6ddc1314f0e8d278115a40ad99a1a49a504bb4e195bfce707669c58f4c75fc0x7cdad2127bfb8e2dcd0051669916540e234a89a97a907aa624719537171668ef0xfcd35ea967969a41266cb352ff438aff1aa4d88a28e32ccb0b64aa1177123ecd0x55817ee3feabe1cb022f1cdfad699ee3d295ff10bfc98966417c1c7f61f308e80x71e3f11a09c596898c1264aa820fe10e114d04e5d3e3cded3f3745572ec0c40e0xe770afb80b9c4948348d95377a53fd42bb6c77e4cd490f08936d41d312a710830x311ccc0afede966f5b9c6541547e6d879ef0f445Base0x32979b59d4d0fff72485b53199452ac1d82d0fe8Base0x34b4f74c86fe52abeb042d0691f63c07c7bb640aBase0x38d814bd2b985a194060aa9acb69289fc8c8c889Base0x3d9b7201354c8fdbdd8cdd29ec32ca2b96cc358dBase0x40b16a0a8115b857820a4076508c3c0a1a6851deBase0x439bc289e64fcde439d078fb5ba486f5eaa866b6Base0x519b6cdb545c490ceabc4ba433f93bd285069366Base0x51d209f7572d3e0c4c6aa57fa7200cf2530b6b78Base0x51e61a3168e005a4c58225866e7373fcac011d97Base0x5529b77f8fb04ae87937c71b5332cf703123f645Base0x5aee166fd2717c976fe391d54c7f007a89e53c28Base0x63d2d9698f59135365b401a318a7d0ad1dc7b8eaBase0x66f8052ca8a44c02853ae0163e817de43becbe11Base0x83bac924674edfdf88c5cef3f6f1b36c8550406cBase0x94c35cb889bdcb5ca105ece80af9ddd818eef4e3Base0x9bfe697c9bb235f459b5d13199a10af334700633Base0x9c3000608df1d4acf0c3595b3ab976a6c67e9ff9Base0xa067a9e3854c4ef24f42cac18577210d60188ab4Base0xb66262661b89961f74d32e368f6a1a5f52026e69Base0xbb80a88dd1e488a26944ea028725e91661118c46Base0xc2ca880c1f89cd503b9fb6641ef89f1ff1e81afaBase0xcdf708fdeb8298900191e93a850eae35f465c34aBase0xfaf7d3dcfceb09d80115eb2735fb521f4b41f7c5BaseThe key architectural fact is that these privileged hooks were meant to be callable only by the legitimate parent spawner. In practice, the contract never records or checks a specific trusted spawner identity. Because Aerodrome liquidity is permissionless and the attacker only needs a fresh helper contract plus gas, the exploit is an ACT opportunity rather than a privileged compromise.
This is an ATTACK-class authorization failure. The intended invariant is that only the legitimate parent MoltEVM or Moltling spawner for a child instance may mint supply or change exemption status on that instance. The verified MoltEVM code breaks that invariant by checking only whether msg.sender is a contract and whether msg.sender.staticcall("initialized()") returns true. That predicate is attacker-controlled and does not authenticate identity. As a result, mintFromSpawner can mint arbitrary supply directly to an attacker-controlled address and setExemptFromSpawner can whitelist that same address against transfer restrictions. Once the fabricated tokens exist, the attacker sells them into public Aerodrome liquidity and withdraws ETH profit in the same transaction.
The code-level breakpoint is visible in the verified root-token source:
modifier onlySpawnerToken() {
require(msg.sender.code.length > 0, "not contract");
(bool ok, bytes memory data) = msg.sender.staticcall(abi.encodeWithSignature("initialized()"));
require(ok && data.length == 32 && abi.decode(data, (bool)) == true, "not worm spawner");
_;
}
function mintFromSpawner(address to, uint256 amount) external onlySpawnerToken {
_mint(to, amount);
}
function setExemptFromSpawner(address a, bool v) external onlySpawnerToken {
_setExempt(a, v);
}
The exploitable pre-state is Base block 43018099, after MoltEVM had already deployed the root token and created the Aerodrome WETH pool. At that point, the only remaining requirement for exploitation was a helper contract whose initialized() function returned true.
In the first exploit transaction 0x90f5ff5f6b849e534b40d04dcf37460f49d2314a920beadedd993a8ef43a4e8c, the attacker deployed orchestrator 0xE0536A52e15Efa5F550B168Ceb26A01479e465dE, which in turn deployed fake spawner 0xd4f74693373CF89eB41b1678EcEB33B774269B04. The root token then treated that fake spawner as authorized:
MoltEVM::mintFromSpawner(0xd4f74693373CF89eB41b1678EcEB33B774269B04, 100000000000000000000000000)
0xd4f74693373CF89eB41b1678EcEB33B774269B04::initialized() [staticcall]
Router::swapExactTokensForTokensSupportingFeeOnTransferTokens(...)
WETH9::withdraw(4435669098513314)
That trace proves the critical execution order: the victim contract asks the attacker helper whether it is initialized, accepts the answer, mints unauthorized supply, and the attacker immediately routes the minted balance through Aerodrome to extract ETH.
The same pattern scales cleanly. In transaction 0x10b7ec56e852351de4951ab2a91fca4099fc4f385dd2171951476c3d497fe03d, attacker helper 0xA9bcf8a0804518e4deF8A348e153CF9bC2AC9C0F called setExemptFromSpawner and mintFromSpawner across 12 victim token targets in one transaction, and each victim again validated the helper only by an initialized() staticcall. The revised deterministic refinement artifact enumerates 32 attacked token instances in total across the 11 exploit transactions, including the verified root token and verified WormGenesis instance 0x3d9b7201354c8fdbdd8cdd29ec32ca2b96cc358d.
The success predicate is also deterministic. For the first exploit tx, debug_traceTransaction prestate diff shows attacker EOA 0x4c452e829748e34e11d010e338596433d638f03c moving from 61735213774266739 wei to 66045983529708679 wei, a post-fee increase of 4310769755441940 wei (0.004310769755441940 ETH). That is a direct consequence of the unauthorized mint followed by a public-liquidity sale; no hidden permissions or off-chain side channel are involved.
The on-chain attack flow is consistent across all observed exploit transactions:
initialized() -> true, which is sufficient to satisfy the victim’s onlySpawnerToken modifier.setExemptFromSpawner to flip the helper into the exempt set where needed.mintFromSpawner on the vulnerable token instance, minting arbitrary supply directly to the helper.The first exploit transaction targeted only the root token. Later transactions such as 0x10b7ec56e852351de4951ab2a91fca4099fc4f385dd2171951476c3d497fe03d and 0xe770afb80b9c4948348d95377a53fd42bb6c77e4cd490f08936d41d312a71083 expanded the same helper-contract strategy across many spawned token pools. Across the observed set, the attacker cluster consists of EOA 0x4c452e829748e34e11d010e338596433d638f03c and attacker-created orchestrators including 0xE0536A52e15Efa5F550B168Ceb26A01479e465dE and 0x9ff446a31a6796c8cf1b65129547e549ddc7f2fe.
The measurable impact is ETH drained from public liquidity supporting the MoltEVM root token and spawned vulnerable token instances. The observed gross extraction was 13245134847652521355 wei (13.245134847652521355 ETH) across 11 adversary-crafted exploit transactions. After gas, the attacker cluster retained 13241529885121947119 wei (13.241529885121947119 ETH) net.
The affected victim set is broader than a single token contract. The revised evidence-backed enumeration identifies 32 attacked token instances on Base: the verified root token, one verified WormGenesis instance, and 30 additional unverified vulnerable instances that expose the same fake-spawner primitive.
https://basescan.org/address/0x225dA3D879D379FF6510C1CC27Ac8535353f501F#code0x656db2115205c8915b452453fdde2b320bf37b1a30fa6c5471c1821d85cffa3b0x892fb9165cc7532104f7976c762b987acefa2efd8aa8889c409d4a68cc89e0cb0x90f5ff5f6b849e534b40d04dcf37460f49d2314a920beadedd993a8ef43a4e8c0x10b7ec56e852351de4951ab2a91fca4099fc4f385dd2171951476c3d497fe03d0xe770afb80b9c4948348d95377a53fd42bb6c77e4cd490f08936d41d312a71083/workspace/session/artifacts/auditor/iter_0/evidence_summary.json/workspace/session/artifacts/auditor/iter_1/deterministic_refinement.json