No token-level loss is recorded for this incident.
In BNB Smart Chain transaction 0x71fdd93cba2893dd1dd5a7b4a0716b85301fe4b517d7a56ac7e6050007d7f435 at block 85808807, attacker EOA 0x84d2801336d2bcb301ad7d1c24c9ca7e5224fc16 used helper contract 0x14e7b8e7928835d3ca1bb917f5cfd7d8f340a0b3 to take over proxy 0xe6cf7f08f006598dcff193239dc1c7fbd956f9c0. The transaction first initialized the live proxy with attacker-chosen authority and then upgraded it from implementation 0xc6bd251a431eea25aade0f557f25a27e0ed38194 to attacker-controlled implementation 0x07060b4a4807738faeb24619705731e1a4059fbf.
The root cause is a deployment and access-control failure: the proxy was already live but still uninitialized, and the implementation exposed public initialize(address,address,address) and upgradeToAndCall(address,bytes) paths through the proxy. Because initialization only depended on zeroed Initializable state, the first unprivileged caller could assign privileged storage to an attacker-controlled address and immediately satisfy the owner check that guarded the UUPS upgrade path.
The victim component is an unverified proxy at 0xe6cf7f08f006598dcff193239dc1c7fbd956f9c0 on BNB Smart Chain. Before the exploit transaction, its EIP-1967 implementation slot already pointed to runtime 0xc6bd251a431eea25aade0f557f25a27e0ed38194. The collected bytecode notes show that this runtime exposes both initialize(address,address,address) and upgradeToAndCall(address,bytes) through a UUPS-style upgrade surface.
The trace and bytecode analysis show two important implementation properties. First, initialize writes caller-supplied addresses into privileged proxy storage and sets initialization/config values. Second, upgradeToAndCall reads the packed owner from proxy storage slot 0, requires CALLER == owner, checks proxiableUUID() on the proposed implementation, and then rewrites the EIP-1967 implementation slot.
The observed helper contract 0x14e7b8e7928835d3ca1bb917f5cfd7d8f340a0b3 is attacker-side tooling, not a victim dependency. Its runtime hardcodes sender 0x84d2801336d2bcb301ad7d1c24c9ca7e5224fc16 before executing the exploit sequence, but that check only constrains the observed helper. Under the ACT model, any unprivileged attacker can deploy an equivalent helper and replacement implementation.
This is an ATTACK-class ACT opportunity caused by an uninitialized upgradeable proxy. The exploit does not depend on private keys, privileged roles, or hidden calldata. It depends only on a live proxy whose initialization state and owner-packed storage were still zero when the attacker arrived.
The critical invariant is straightforward: a deployed upgradeable proxy must never let an unprivileged caller assign privileged initialization state or authorize an implementation upgrade after deployment. That invariant failed because initialize(address,address,address) remained publicly reachable through the proxy and only enforced one-time initialization semantics. The first caller could therefore write attacker-chosen authority into slots later consulted by the upgrade authorization logic. Once slot 0 was attacker-controlled, upgradeToAndCall(address,bytes) became reachable to the same attacker-controlled helper, which then installed arbitrary attacker code. The exploit is deterministic because the authorization state change and the upgrade happen in the same transaction.
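The following Solidity is an added illustration written for this report, not the victim's source (which is unverified) and not code from the attacker. VulnerablePattern reconstructs the two properties the analysis describes: an initialize() guarded only by a "not yet initialized" flag, and an upgrade path whose owner check reads whatever that first call wrote. HardenedPattern shows the fix using OpenZeppelin's upgradeable contracts (v5 import paths assumed), and Deployer shows the proxy receiving its initializer calldata in its own constructor so there is no window in which a live proxy has zero authority. The contract names, the slot layout of VulnerablePattern, and the treasury/operator parameters are assumptions of the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";

// ---------------------------------------------------------------------------
// VulnerablePattern: illustrative reconstruction of the failing properties.
// Owner sits in slot 0, initialize() is open to the first caller on a proxy
// whose storage is still zero, and the upgrade path trusts that owner.
// ---------------------------------------------------------------------------
contract VulnerablePattern {
    bytes32 internal constant IMPLEMENTATION_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; // EIP-1967

    address public owner;       // slot 0: read by upgradeToAndCall
    address public treasury;    // slot 1 (illustrative)
    address public operator;    // slot 2 (illustrative)
    bool public initialized;    // slot 3: the only guard on initialize()

    // First-writer authority assignment: any EOA or contract can call this
    // on a proxy that was deployed without initializer calldata.
    function initialize(address _owner, address _treasury, address _operator) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = _owner;
        treasury = _treasury;
        operator = _operator;
    }

    function proxiableUUID() external pure returns (bytes32) {
        return IMPLEMENTATION_SLOT;
    }

    // The owner check is satisfied by whoever won the initialize() race.
    function upgradeToAndCall(address newImpl, bytes calldata data) external payable {
        require(msg.sender == owner, "not owner");
        require(VulnerablePattern(newImpl).proxiableUUID() == IMPLEMENTATION_SLOT, "not UUPS");
        bytes32 slot = IMPLEMENTATION_SLOT;
        assembly { sstore(slot, newImpl) }
        if (data.length > 0) {
            (bool ok, ) = newImpl.delegatecall(data);
            require(ok, "delegatecall failed");
        }
    }
}

// ---------------------------------------------------------------------------
// HardenedPattern: OpenZeppelin Initializable + UUPS + Ownable. The logic
// contract can never be initialized, and upgrades require the owner that was
// fixed at proxy construction time.
// ---------------------------------------------------------------------------
contract HardenedPattern is UUPSUpgradeable, OwnableUpgradeable {
    address public treasury;
    address public operator;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers(); // logic contract storage is locked forever
    }

    function initialize(address _owner, address _treasury, address _operator) external initializer {
        __Ownable_init(_owner);        // reverts on the zero address
        __UUPSUpgradeable_init();
        treasury = _treasury;
        operator = _operator;
    }

    // Called by OpenZeppelin's upgradeToAndCall before the slot is rewritten.
    function _authorizeUpgrade(address) internal override onlyOwner {}
}

// ---------------------------------------------------------------------------
// Deployer: the proxy is initialized in the same transaction that creates it,
// so no block ever sees a live proxy with zero authority storage.
// ---------------------------------------------------------------------------
contract Deployer {
    function deploy(address owner_, address treasury_, address operator_) external returns (address proxy) {
        HardenedPattern impl = new HardenedPattern();
        bytes memory init = abi.encodeCall(HardenedPattern.initialize, (owner_, treasury_, operator_));
        proxy = address(new ERC1967Proxy(address(impl), init)); // atomic: create + initialize
    }
}
```

Two points are worth separating. _disableInitializers() in the constructor only protects the logic contract's own storage; it does nothing for the proxy, whose storage starts at zero regardless. The proxy is protected by the initializer calldata passed to ERC1967Proxy's constructor, which is what removes the first-writer window this incident exploited. Also note that OpenZeppelin v5 keeps the owner in an ERC-7201 namespaced slot rather than slot 0, so a storage check written for the victim's layout would need a different slot for HardenedPattern.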
At the start of block 85808807, proxy 0xe6cf7f08f006598dcff193239dc1c7fbd956f9c0 already pointed to implementation 0xc6bd251a431eea25aade0f557f25a27e0ed38194, but the initializer-controlled storage later touched by initialize was still zero. The top-level transaction was sent to helper 0x14e7b8e7928835d3ca1bb917f5cfd7d8f340a0b3, whose calldata embedded the victim proxy address, the attacker-chosen replacement implementation, and a follow-up payload.
The first breakpoint is the delegated initialize(address,address,address) call through the proxy. The seed trace shows the helper calling the proxy, the proxy delegating into implementation 0xc6bd251a431eea25aade0f557f25a27e0ed38194, and the implementation writing attacker-controlled addresses into privileged proxy slots:
0xe6cf7f08f006598DcFf193239Dc1C7fbd956f9c0::initialize(
0x14E7b8e7928835d3cA1BB917f5cFd7D8f340a0B3,
0x14E7b8e7928835d3cA1BB917f5cFd7D8f340a0B3,
0x14E7b8e7928835d3cA1BB917f5cFd7D8f340a0B3
)
storage changes:
@ 0: 0 -> 0x00000000000000000000000014e7b8e7928835d3ca1bb917f5cfd7d8f340a0b3
@ 1: 0 -> 0x00000000000000000000000014e7b8e7928835d3ca1bb917f5cfd7d8f340a0b3
@ 2: 0 -> 0x00000000000000000000000014e7b8e7928835d3ca1bb917f5cfd7d8f340a0b3
@ 3: 0 -> 0x00000000000000000000000014e7b8e7928835d3ca1bb917f5cfd7d8f340a0b3
@ 4: 0 -> 1
@ 5: 0 -> 1800
@ 6: 0 -> 43200
The second breakpoint is the delegated upgradeToAndCall(address,bytes) call. The bytecode notes identify selector 0x4f1ef286 as upgradeToAndCall, and the trace shows it checking proxiableUUID() on the new implementation and then rewriting the EIP-1967 implementation slot:
0xe6cf7f08f006598DcFf193239Dc1C7fbd956f9c0::upgradeToAndCall(
0x07060b4A4807738fAeb24619705731e1A4059Fbf,
0x
)
0x07060b4A4807738fAeb24619705731e1A4059Fbf::proxiableUUID()
storage changes:
@ 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc:
0x000000000000000000000000c6bd251a431eea25aade0f557f25a27e0ed38194
-> 0x00000000000000000000000007060b4a4807738faeb24619705731e1a4059fbf
After the upgrade, the attacker-controlled implementation receives a delegatecall payload and persists attacker-chosen state on the proxy. That confirms the exploit predicate is not merely transient authorization bypass; it is a full proxy-control takeover. The violated security principles are: initialize upgradeable proxies atomically at deployment, never expose first-writer authority assignment on a live proxy, and never rely on deployment sequencing as an access-control boundary.
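The principle "initialize upgradeable proxies atomically at deployment" is only verifiable if something reads the proxy's storage after deployment. The Foundry script below is an added example (not part of this report and not the project's tooling) that turns the pre-state this incident depended on into a release gate: a proxy whose EIP-1967 implementation slot is set while its authority slot is still zero is flagged. It assumes forge-std, a PROXIES environment variable holding a comma-separated address list, and an OWNER_SLOT variable naming the slot the implementation's upgrade check reads (slot 0 for the implementation in this incident; ERC-7201 layouts use a different slot). The contract name and the Finding struct are assumptions of the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Script, console} from "forge-std/Script.sol";

/// Post-deployment gate: a proxy is not "deployed" until its storage proves
/// that initialization happened. Run against a fork or a live RPC endpoint.
contract ProxyInitGate is Script {
    // EIP-1967 implementation slot (the slot rewritten in the incident trace).
    bytes32 internal constant IMPLEMENTATION_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    struct Finding {
        address proxy;
        bool live;         // implementation slot points somewhere
        bool initialized;  // authority slot is non-zero
    }

    // ownerSlot is the storage slot the implementation's upgrade authorization
    // reads: slot 0 for the victim implementation, namespaced for OZ v5.
    function inspect(address proxy, bytes32 ownerSlot) public view returns (Finding memory f) {
        f.proxy = proxy;
        f.live = vm.load(proxy, IMPLEMENTATION_SLOT) != bytes32(0);
        f.initialized = vm.load(proxy, ownerSlot) != bytes32(0);
    }

    function run() external view {
        address[] memory proxies = vm.envAddress("PROXIES", ",");
        bytes32 ownerSlot = vm.envOr("OWNER_SLOT", bytes32(0));
        bool bad;
        for (uint256 i = 0; i < proxies.length; i++) {
            Finding memory f = inspect(proxies[i], ownerSlot);
            if (f.live && !f.initialized) {
                // Exactly the pre-state at block 85808807: live, zero authority.
                console.log("UNINITIALIZED LIVE PROXY:", f.proxy);
                bad = true;
            }
        }
        require(!bad, "live proxy with zero authority storage; initialize before announcing");
    }
}
```

Wiring this into the deployment pipeline (for example, `forge script ProxyInitGate --rpc-url $RPC` as the last step before the address is published) means that a proxy created without initializer calldata fails the release rather than sitting on chain waiting for the first caller. The check is deliberately storage-based instead of calling owner(): an unverified implementation may not expose a getter, but the slot the upgrade path consults is what actually decides authority.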
The adversary cluster identified in the evidence is:
- EOA 0x84d2801336d2bcb301ad7d1c24c9ca7e5224fc16, which sent the exploit transaction.
- Helper contract 0x14e7b8e7928835d3ca1bb917f5cfd7d8f340a0b3, which executed the multi-step takeover.
- Replacement implementation 0x07060b4a4807738faeb24619705731e1a4059fbf, which satisfied the UUPS UUID check and then ran attacker logic on the proxy.
The observed execution flow is:
- The helper 0x14e7... called the proxy's initialize(address,address,address) path with its own address repeated as the privileged values.
- That call moved slot 0 from zero to the helper address, making the helper satisfy the subsequent upgrade authorization check.
- The helper then called upgradeToAndCall(address,bytes), installing attacker-controlled implementation 0x07060....
The transaction sequence is permissionless under the ACT model. The observed helper contract contains a hardcoded sender check, but that is attacker-side orchestration only; any unprivileged attacker can deploy an equivalent helper and an equivalent UUPS-compatible implementation to reproduce the takeover on the same pre-state.
The realized impact is a complete non-monetary takeover of proxy 0xe6cf7f08f006598dcff193239dc1c7fbd956f9c0. The attacker gained the ability to initialize privileged storage, replace the live implementation, and execute arbitrary delegatecall logic in the proxy's storage context.
The provided seed transaction evidence does not show direct ERC-20 extraction. The collected balance diff contains no ERC-20 balance deltas and only shows native gas expenditure by the attacker EOA:
0x84d2801336d2bcb301ad7d1c24c9ca7e5224fc16:
76014681948258840 wei -> 75852289098258840 wei
delta: -162392850000000 wei
For that reason, the incident is reported as a control-takeover event with no quantified token loss in the seed transaction artifacts.
Key artifacts:
- Exploit transaction 0x71fdd93cba2893dd1dd5a7b4a0716b85301fe4b517d7a56ac7e6050007d7f435 on BNB Smart Chain.
- Victim proxy 0xe6cf7f08f006598dcff193239dc1c7fbd956f9c0.
- Pre-exploit implementation 0xc6bd251a431eea25aade0f557f25a27e0ed38194.
- Attacker helper contract 0x14e7b8e7928835d3ca1bb917f5cfd7d8f340a0b3.
- Attacker-controlled replacement implementation 0x07060b4a4807738faeb24619705731e1a4059fbf.
- Seed trace of the initialize and upgradeToAndCall execution.