Calculated from recorded token losses using historical USD prices at the incident time.
0xbeefd8faba2aa82704afe821fd41b670319203dd9090f7af8affdf6bcfec2d610xb57e874082417b66877429481473cf9fcd8e0b8aEthereum0x1fb4904b26de8c043959201a63b4b23c414251e2EthereumOn Ethereum mainnet block 19277803, transaction 0xbeefd8faba2aa82704afe821fd41b670319203dd9090f7af8affdf6bcfec2d61 drained the public DN/WETH Uniswap V2 pair by abusing a self-transfer accounting bug in the DeezNutz token at 0xb57e874082417b66877429481473cf9fcd8e0b8a. The attacker EOA 0xd215ffaf0f85fb6f93f11e49bd6175ad58af0dfd called helper contract 0xd129d8c12f0e7aa51157d9e6cc3f7ece2dc84ecd, borrowed WETH from the Balancer vault, bought DN, inflated its DN balance through repeated self-transfers, sold the inflated DN back into the DN/WETH pair, repaid the flash loan, and kept the residual value as profit.
The root cause is a storage-aliasing flaw in DN404Reflect._transfer. When from == to, the function computes separate temporary sender and receiver states and then writes both states back through the same storage record. The second write overwrites the sender-side debit with the receiver-side credit, so a self-transfer increases the caller’s DN balance instead of preserving it.
DeezNutz inherits DN404Reflect and uses reflected-balance accounting together with a 2.5% tax fee. That design means each transfer updates both reflected balances and user-visible balances, so correctness depends on sender and receiver state being kept distinct throughout the transfer path.
The drained market was the verified DN/WETH Uniswap V2 pair at 0x1fB4904b26DE8C043959201A63b4b23C414251E2. Pair source verification is now persisted in the validator-reviewed Etherscan artifact, which identifies the contract as UniswapV2Pair. Because this liquidity venue was public and Balancer flash loans were permissionless, any unprivileged actor could reproduce the required funding and trading sequence from public chain state alone.
Before the exploit, the pair held material WETH liquidity. The collector artifacts record pre-attack reserves of 60633751849484929170081096 DN and 59087960396039603932 WETH. That public liquidity made it possible to monetize any inflated DN balance immediately by selling back into the same pool.
This incident is an ATTACK-class exploit caused by broken token accounting, not by privileged access or a private dependency. The critical invariant is simple: when from == to, a transfer must not increase the account’s spendable balance beyond any explicitly modeled fee effect. DeezNutz violates that invariant in the non-excluded transfer path of DN404Reflect._transfer.
The vulnerable code reads sender and receiver state into independent temporaries, subtracts rAmount from the sender-side reflected balance, adds rTransferAmount to the receiver-side reflected balance, computes separate visible balances, and then writes both results back to storage. That logic is only safe when sender and receiver are different accounts. On a self-transfer, fromAddressData and toAddressData alias the same storage slot, so the later receiver-side write overwrites the earlier sender-side debit. The same overwrite happens for the visible token balance, which means the attacker exits each self-transfer with more DN than before.
Once the attacker had any positive DN balance, the bug became directly monetizable. The helper contract repeatedly bought DN from the pool, self-transferred a fraction of that balance eight times per cycle, and sold the inflated balance back into the pair. The attack required no privileged role, no compromised keys, and no private off-chain artifact.
The key victim-side logic sits in DN404Reflect._transfer:
else if (!fromAddressData.isExcluded && !toAddressData.isExcluded) {
t.rOwnedFrom = t.rOwnedFrom - rAmount;
t.rOwnedTo = t.rOwnedTo + rTransferAmount;
t.fromBalance = tokenFromReflection(t.rOwnedFrom);
t.toBalance = tokenFromReflection(t.rOwnedTo);
}
fromAddressData.rOwned = t.rOwnedFrom;
toAddressData.rOwned = t.rOwnedTo;
fromAddressData.balance = uint96(t.fromBalance);
toAddressData.balance = uint96(t.toBalance);
This code is correct only when from and to refer to different AddressData records. In the exploit path, the helper contract calls transfer(address(this), amount). That makes fromAddressData and toAddressData the same storage object. The sender-side reflected debit is computed first, but the later receiver-side assignment writes back a larger reflected balance derived from t.rOwnedTo + rTransferAmount. The visible balance field is overwritten the same way. The result is deterministic balance inflation on every self-transfer.
The transaction evidence matches that mechanism exactly. The persisted receipt for 0xbeefd8faba2aa82704afe821fd41b670319203dd9090f7af8affdf6bcfec2d61 shows:
Transfer events where from == to == 0xd129d8c12f0e7aa51157d9e6cc3f7ece2dc84ecd.The attacker used Balancer’s vault at 0xBA12222222228d8Ba445958a75a0704d566BF2C8 as the funding primitive. The trace and receipt show a WETH transfer of 2399194142482034102292 wei from the vault to the helper contract, followed by the buy / self-transfer / sell loop, followed by repayment of the same flash-loan amount.
The collector balance diff closes the loop economically. The attacker EOA’s native ETH balance increased from 43074490417149284676 wei to 100947911797534475919 wei, a net gain of 57873421380385191243 wei after gas. Over the same transaction, the pair’s WETH reserve fell from 59087960396039603932 wei to 429870128343082725 wei, confirming that the inflated DN was successfully converted into extracted WETH value.
The end-to-end attack was a single transaction executed by EOA 0xd215ffaf0f85fb6f93f11e49bd6175ad58af0dfd through helper contract 0xd129d8c12f0e7aa51157d9e6cc3f7ece2dc84ecd.
First, the helper borrowed 2399194142482034102292 wei of WETH from Balancer via the vault’s permissionless flash-loan interface. That supplied enough temporary capital to buy DN from the public pair at meaningful size.
Second, the helper bought DN from the DN/WETH pair and then executed eight self-transfers per exploit cycle. The receipt shows 152 self-transfer events total, which corresponds to 19 exploit cycles. Each self-transfer preserved the credited receiver-side state while discarding the debited sender-side state, so the helper’s DN balance grew within the same transaction without any legitimate mint path.
Third, the helper sold the inflated DN back into the pair in two sells per cycle, for 38 sell-side swaps total. The pair emitted swap and sync events showing DN flowing in and WETH flowing out, and the final reserve state confirms that most of the pair’s WETH liquidity had been drained.
Finally, the helper repaid the Balancer flash loan and delivered the residual value back to the controlling EOA. Because all required components were public and permissionless, this was an ACT opportunity: a fresh unprivileged adversary could reconstruct the same pre-state, use its own clean addresses, borrow public liquidity, and realize profit through the same invariant break.
The measurable loss was borne by the DN/WETH liquidity pool. The pair lost 58658090267696521207 wei of WETH, which is 58.658090267696521207 WETH, and ended the transaction with only 429870128343082725 wei of WETH remaining.
The exploit also left the pair with an extremely bloated DN inventory of 8490408686788717247500790512 units, which destroyed the market’s prior price relationship and rendered the pool unusable at the pre-attack level. The attacker EOA realized 57873421380385191243 wei of net ETH profit after gas.
0xbeefd8faba2aa82704afe821fd41b670319203dd9090f7af8affdf6bcfec2d61UniswapV2PairDN404Reflect._transfer