This is a lower bound: only assets with reliable historical USD prices are counted, so the actual loss may be higher.
0x8ba17bea937f062743ef85b1f1f22504d79b2499dece96ccb6171aae5a54020c (transaction)
0xfe33eb082b2374ecd9fb550f833db88cad8d084b (STO, BSC)
0x7c404ad6149bc69e07ecd534b9f4243ef289bd00 (STO/WBNB Pancake pair, BSC)
At BSC block 82890987, transaction 0x8ba17bea937f062743ef85b1f1f22504d79b2499dece96ccb6171aae5a54020c executed a deterministic ACT exploit against STO tokenomics integrated with the STO/WBNB Pancake pair. The adversary EOA 0x622ddba7ddf86d573504a1d6021258884e601c42 deployed helper contract 0xc2b3613cc32f40c64dd56f7e089ddbcb3ee7e0ea, borrowed temporary WBNB, and repeatedly cycled sell-triggered pair burns plus sync() before swap extraction. This sequence drained WBNB from the pair while forcing large STO burns to 0x000000000000000000000000000000000000dEaD. The attacker then repaid the temporary WBNB source in-transaction and realized net native profit.
Root cause: STO executes pending sell-burn from the pair before handling subsequent sells, and commits the forced reserve change with PancakePair::sync(). This creates an unprivileged reserve-manipulation primitive that can be looped to extract counter-asset liquidity.
The target system is a Pancake V2-style AMM pair (0x7c404ad6149bc69e07ecd534b9f4243ef289bd00) between WBNB (0xbb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c) and STO (0xfe33eb082b2374ecd9fb550f833db88cad8d084b). In normal AMM behavior, reserve updates should reflect user-provided swap input and liquidity operations. If a token contract can debit pair inventory out-of-band and then call sync(), the AMM reserve state can be shifted without paying the counter-asset.
STO’s verified source contains this exact pattern:
if (to == pancakePair) {
    require(sellEnabled || isWhitelisted[from], "Sell not enabled");
    if (pendingBurnFromSell > 0) {
        _executePendingSellBurn();
    }
    uint256 tax = amount * TAX_RATE / BASIS_POINTS;
    uint256 afterTax = amount - tax;
    super._update(from, ecosystemWallet, tax);
    super._update(from, to, afterTax);
    if (!burningStopped && burnEnabled) {
        pendingBurnFromSell += afterTax;
        emit SellBurn(from, afterTax);
    }
}

function _executePendingSellBurn() private {
    uint256 pairBalance = balanceOf(pancakePair);
    uint256 toBurn = pendingBurnFromSell;
    uint256 minReserve = 1000 * 1e18;
    if (pairBalance > toBurn + minReserve) {
        pendingBurnFromSell = 0;
        super._update(pancakePair, DEAD, toBurn);
        IPancakePair(pancakePair).sync();
    }
}
This is an ATTACK-class protocol-integrity failure in token-to-AMM interaction logic. The safety invariant is that traders should not be able to arbitrarily reduce one side of AMM reserves and commit that reduction via sync() without equivalent payment. STO violates this invariant by executing pending pair-side burn (super._update(pancakePair, DEAD, toBurn)) and syncing reserves before processing the current sell. Because this path is reachable by ordinary sells, any unprivileged actor can trigger repeated reserve contractions. After each contraction, the attacker performs PancakePair::swap and extracts WBNB against manipulated reserves. The exploit is deterministic and permissionless; no privileged role, governance action, or private key compromise is required. The economic result is direct attacker profit and severe pair imbalance.
Pre-state (sigma_B) is public BSC state before block 82890987, including live STO/WBNB pair reserves, STO sell/burn toggles, and all balances. The ACT transaction sequence contains one adversary-crafted transaction (0x8ba17bea...).
Exploit mechanism:
pendingBurnFromSell.
sync().
PancakePair::swap to withdraw WBNB under the manipulated reserve state.
Trace evidence (burn -> sync -> swap loop):
emit Transfer(from: PancakePair, to: 0x000000000000000000000000000000000000dEaD, value: 173391536166673597516860)
PancakePair::sync()
emit Sync(reserve0: 75283664279345624086029, reserve1: 43845297773049838847186)
...
PancakePair::swap(33833054798059979999911, 0, attackerHelper, 0x)
WBNB::transfer(attackerHelper, 33833054798059979999911)
The pattern repeats throughout the same transaction. Quantitatively, the trace contains 40 SellBurn events, with repeatedly shrinking WBNB outputs in later swaps, consistent with progressive pool depletion.
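One way to detect the burn -> sync -> swap cycle shown in the trace above and to quantify the reserve shift each cycle commits; this is an added example, not code from the incident report or the STO contract. It assumes a text trace in the same shape as the excerpt, that token1 is the burned token (STO), and that reserve0 is unchanged by the sync; the function names, the threshold, and the second cycle in the sample are constructed.

```python
import re

# Constructed sample in the shape of the page's trace excerpt. The first cycle
# reuses the values quoted above; the second cycle's numbers are made up.
TRACE = """\
emit Transfer(from: PancakePair, to: 0x000000000000000000000000000000000000dEaD, value: 173391536166673597516860)
PancakePair::sync()
emit Sync(reserve0: 75283664279345624086029, reserve1: 43845297773049838847186)
PancakePair::swap(33833054798059979999911, 0, attackerHelper, 0x)
emit Transfer(from: PancakePair, to: 0x000000000000000000000000000000000000dEaD, value: 20000000000000000000000)
PancakePair::sync()
emit Sync(reserve0: 41000000000000000000000, reserve1: 30000000000000000000000)
PancakePair::swap(9000000000000000000000, 0, attackerHelper, 0x)
"""

BURN = re.compile(r"Transfer\(from: PancakePair, to: (0x[0-9a-fA-F]+), value: (\d+)\)")
SYNC = re.compile(r"Sync\(reserve0: (\d+), reserve1: (\d+)\)")
SWAP = re.compile(r"PancakePair::swap\((\d+), (\d+),")
DEAD = 0xDEAD  # numeric value of the 0x0000...dEaD burn address

def find_burn_sync_swap_cycles(trace):
    """Return one record per pair->DEAD burn that a Sync commits before a swap."""
    cycles, burned, reserves = [], None, None
    for line in trace.splitlines():
        if m := BURN.search(line):
            if int(m.group(1), 16) == DEAD:
                burned, reserves = int(m.group(2)), None
        elif m := SYNC.search(line):
            if burned is not None:
                reserves = (int(m.group(1)), int(m.group(2)))
        elif m := SWAP.search(line):
            if burned is not None and reserves is not None:
                r1 = reserves[1]  # assumption: token1 is the burned token (STO)
                cycles.append({
                    "burned": burned,
                    "reserve1_before": r1 + burned,
                    # Spot price of token1 scales by this factor if reserve0 is
                    # unchanged by the sync (assumption).
                    "price_multiplier": (r1 + burned) / r1,
                    "amount0_out": int(m.group(1)),
                })
            burned = reserves = None
    return cycles

def is_burn_sync_swap_loop(trace, min_cycles=2):
    """Flag a trace that repeats the cycle (threshold is illustrative)."""
    return len(find_burn_sync_swap_cycles(trace)) >= min_cycles
```

On the values quoted from the trace, the single burn shrinks the STO reserve by roughly a factor of five before the swap that follows it.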
Code-level breakpoint:
_update pre-sell trigger: STO source lines 226-228.
_executePendingSellBurn forced pair debit and sync: STO source lines 320-321.
The EOA deploys helper contract 0xc2b3613c... and starts execution. The helper receives temporary WBNB in the same transaction:
WBNB::transfer(0xc2b3613c..., 360894644170199501239042)
emit Transfer(from: 0x8F73b65B4caAf64FBA2aF91cC5D4a2A1318E5D8C, to: 0xc2b3613c..., value: 360894644170199501239042)
The helper executes repeated STO sell operations that trigger pending burn + sync(), then calls PancakePair::swap to extract WBNB. This loop is observed across the trace with monotonically shrinking swap outputs.
At the end of the transaction, the helper repays the temporary WBNB source, withdraws remaining WBNB to native BNB, and transfers proceeds to the EOA:
WBNB::transferFrom(0xc2b3613c..., 0x8F73b65B4caAf64FBA2aF91cC5D4a2A1318E5D8C, 360894644170199501239042)
WBNB::withdraw(26571266065271298275)
0x622DDba7ddf86d573504a1D6021258884E601c42::fallback{value: 26571266065271298275}()
Measured from balance-diff artifacts:
+26571046020341298275 wei (net, after gas).
+6771157603491222778996612 units.
-7684346074933575778445683 units.
Economic impact: STO/WBNB liquidity was heavily dislocated, WBNB side was drained, and STO inventory was force-burned from the pair. This produced direct adversary profit and severe market integrity damage for STO trading liquidity.
0x8ba17bea937f062743ef85b1f1f22504d79b2499dece96ccb6171aae5a54020c (BSC chainid 56, block 82890987).
0xfe33eb082b2374ecd9fb550f833db88cad8d084b (STO).
0x7c404ad6149bc69e07ecd534b9f4243ef289bd00 (STO/WBNB Pancake pair).
0xbb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c (WBNB).