V-Dimension Mint/Redeem Drain
Exploit Transactions
0x0e01fd8798f970fd689014cb215e622aca8b7c8c243176c5b504e0043402e31f
Victim Addresses
0x6ce69d7146dbaae18c11c36d8d94428623b29d5a (BSC)
Root Cause Analysis
1. Incident Overview TL;DR
An unprivileged attacker exploited V-Dimension on BNB Chain in tx 0x0e01fd8798f970fd689014cb215e622aca8b7c8c243176c5b504e0043402e31f by using public flash-loan liquidity to buy AVD, deposit that AVD into V-Dimension, and then redeem VDS back into AVD at a mismatched rate. The exploit drained 90,512,965,102 raw AVD units from the victim contract and left the attacker helper with 11,136,138,946,295,503,963,408 raw USDT units before gas, or 11,136,084,092,109,101,741,627 raw USDT units after gas valuation. The root cause is an accounting mismatch: deposit(address,uint256) mints VDS at amount * TokenRate / 100, while the redemption path triggered by transfer(address(this), amount) releases underlying AVD 1:1 against returned VDS.
2. Key Background
V-Dimension at 0x6ce69d7146dbaae18c11c36d8d94428623b29d5a is an ERC20-like contract whose configured underlying token at the exploit pre-state was AVD at 0x4ec93ee81f25da3c8e49f01533cfb734545190a8. The exploit-block configuration showed TokenRate = 500, min3Amount = 10000000000, and sufficient AVD inventory inside the victim to satisfy a large redemption.
The attacker operated through helper contract 0x383794a0c68e5c8c050f8f361b26a22b3f60eccf, deployed by EOA 0xa3e18e6028b1ca09433157cd6a5e807ffe705350 in tx 0xfd8537c1640c9344a30f30893974380f9e16c1d34f56c4caa496eb89ddc80d45 and configured in tx 0x5eaa8de1d0b35f75433406bfba1367f2ae15c87614a60c779a138bcf315f82e1. The helper's setAddr(address) function is owner-gated and stores the target victim address, while the separate delegatecall helper at 0x1f428ffb964de7d906278382ba8902e3290f83a1 only performs depositor bookkeeping.
3. Vulnerability Analysis & Root Cause Summary
The vulnerability is an accounting flaw in V-Dimension's share issuance and redemption logic. In the decompiled deposit(address,uint256) path, the contract transfers AVD in and mints VDS proportional to TokenRate, which was 500 at the exploit block. That means one deposited AVD unit produces five VDS units. In the decompiled transfer(address,uint256) path used for redemption, when VDS is transferred back to the contract itself, the contract burns the returned VDS and transfers the same raw amount of underlying AVD back out. No inverse pricing is applied during redemption. This breaks the invariant that newly minted VDS must represent the same amount of underlying value that entered the system. Once the contract held enough AVD inventory, any unprivileged actor could use temporary capital to mint oversized VDS balances and redeem them for more AVD than they deposited.
4. Detailed Root Cause Analysis
The exploit trace shows the entire mismatch concretely. The attacker helper first borrowed 20,000 USDT from public flash-loan pool 0x8f73b65b4caaf64fba2af91cc5d4a2a1318e5d8c, then bought AVD through PancakeSwap pair 0x7b63b359a9b614fa8a40ed40c7766366e89f6845. The trace records the pair sending 69,282,157,129 AVD to the helper.
V-Dimension's decompiled deposit logic contains the mint-side pricing breakpoint:
require((refR5j == ((refR5j * arg1) / arg1)) | !arg1);
require(!(totalSupply > (((refR5j * arg1) / 0x64) + totalSupply)));
...
emit Transfer(address(0), msg.sender, (var_ad * arg1) / 0x03e8);
At the exploit block, TokenRate() returned 500, and the trace shows:
0x6ce69d7146dbaae18c11c36d8D94428623B29D5A::deposit(..., 69282157129)
emit Transfer(from: 0x0000000000000000000000000000000000000000, to: 0x383794..., value: 346410785645)
346,410,785,645 is exactly 69,282,157,129 * 500 / 100, proving that deposit minted VDS at a 5x ratio.
The redemption breakpoint is in the decompiled transfer(address,uint256) path. After reducing the sender's VDS balance and crediting the contract, execution reaches the redemption branch where the contract burns the returned VDS and transfers underlying AVD out from the victim:
storage_map_f[msg.sender] = storage_map_f[msg.sender] - arg1;
storage_map_f[arg0] = arg1 + storage_map_f[arg0];
emit Transfer(msg.sender, arg0, arg1);
...
totalSupply = totalSupply - arg1;
emit Transfer(msg.sender, address(0), arg1);
...
(bool success, bytes memory ret0) = address(refR5v).Unresolved_a9059cbb(msg.sender);
The seed trace confirms the behavior:
0x6ce69d7146dbaae18c11c36d8D94428623B29D5A::transfer(0x6ce69d..., 168205391822)
emit Transfer(from: 0x383794..., to: 0x0000000000000000000000000000000000000000, value: 168205391822)
Vollar::transfer(0x383794..., 168205391822)
That is the invariant break. The attacker redeemed 168,205,391,822 VDS for 168,205,391,822 AVD, even though those VDS were created by a 5x mint formula and therefore did not represent one-for-one AVD claims. The balance diff for the exploit transaction shows the victim's AVD balance falling from 121,159,655,473 to 30,646,690,371, a loss of 90,512,965,102 raw AVD units.
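A minimal integer model of the mint and redeem accounting analysed above, added here as an illustration; it is not V-Dimension's code, and `VaultModel`, `round_trip` and the `inverse_on_redeem` fix are assumptions. It covers only V-Dimension's own bookkeeping and ignores AVD's transfer logic, so the vault change it reports is the model's figure, not the on-chain balance diff.

```python
from dataclasses import dataclass, field

RATE_DENOMINATOR = 100  # deposit() divides by 0x64 in the decompilation

@dataclass
class VaultModel:
    """Integer model of the bookkeeping described above (hypothetical names)."""
    token_rate: int                  # TokenRate(), 500 at the exploit block
    underlying: int                  # AVD held by the vault, raw units
    inverse_on_redeem: bool = False  # False: 1:1 release, as on the page
    total_supply: int = 0
    shares: dict = field(default_factory=dict)

    def deposit(self, who: str, amount: int) -> int:
        minted = amount * self.token_rate // RATE_DENOMINATOR
        self.underlying += amount
        self.total_supply += minted
        self.shares[who] = self.shares.get(who, 0) + minted
        return minted

    def redeem(self, who: str, vds: int) -> int:
        if self.shares.get(who, 0) < vds:
            raise ValueError("insufficient VDS balance")
        if self.inverse_on_redeem:
            # Assumed fix: invert the mint formula, rounding down for the vault.
            payout = vds * RATE_DENOMINATOR // self.token_rate
        else:
            payout = vds  # same raw amount out as VDS returned
        if payout > self.underlying:
            raise ValueError("insufficient AVD inventory")
        self.shares[who] -= vds
        self.total_supply -= vds
        self.underlying -= payout
        return payout

def round_trip(inverse_on_redeem: bool, inventory: int, amount: int, vds=None):
    """Deposit `amount`, redeem `vds` (default: all minted); return (minted, payout, vault change)."""
    vault = VaultModel(500, inventory, inverse_on_redeem)
    minted = vault.deposit("helper", amount)
    payout = vault.redeem("helper", minted if vds is None else vds)
    return minted, payout, vault.underlying - inventory

# Figures from the trace quoted above, used as model inputs.
INVENTORY, DEPOSIT, REDEEMED = 121_159_655_473, 69_282_157_129, 168_205_391_822

if __name__ == "__main__":
    print("1:1 redeem:    ", round_trip(False, INVENTORY, DEPOSIT, REDEEMED))
    print("inverse redeem:", round_trip(True, INVENTORY, DEPOSIT))
```

With inverse pricing, a full deposit-and-redeem round trip leaves the modelled vault balance unchanged, which is the invariant the 1:1 path breaks.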
5. Adversary Flow Analysis
The attacker lifecycle is visible on-chain and does not depend on privileged access.
tx 0xfd8537c1640c9344a30f30893974380f9e16c1d34f56c4caa496eb89ddc80d45
  EOA 0xa3e18e...5350 deploys helper 0x383794...eccf
tx 0x5eaa8de1d0b35f75433406bfba1367f2ae15c87614a60c779a138bcf315f82e1
  EOA 0xa3e18e...5350 calls helper setAddr(...)
tx 0x0e01fd8798f970fd689014cb215e622aca8b7c8c243176c5b504e0043402e31f
  helper flash-borrows USDT
  helper swaps USDT -> AVD
  helper deposits AVD into V-Dimension and receives 5x VDS
  helper transfers VDS back to V-Dimension and receives AVD 1:1
  helper swaps AVD -> USDT
  helper repays flash loan and keeps profit
The helper's later tx 0x7ed3da98a5ffe6960c65f01c1e52ad52c9581b2dce38d2ba034ddf1a68740a62 transfers the proceeds back to the EOA, which further supports the attacker clustering. Because all components used in the exploit were public and permissionless, the exploit qualifies as ACT.
6. Impact & Losses
The measurable victim-side loss in the exploit transaction was:
{
  "token_symbol": "AVD",
  "amount": "90512965102",
  "decimal": 6
}
The transaction-level balance diff also shows the attacker helper ending with 11,136,138,946,295,503,963,408 raw USDT units, and the root-cause analysis values the EOA gas spend at 54,854,186,402,221,781 raw USDT units, leaving 11,136,084,092,109,101,741,627 raw USDT units net after gas.
7. References
- Seed exploit transaction: 0x0e01fd8798f970fd689014cb215e622aca8b7c8c243176c5b504e0043402e31f
- Helper deployment transaction: 0xfd8537c1640c9344a30f30893974380f9e16c1d34f56c4caa496eb89ddc80d45
- Helper configuration transaction: 0x5eaa8de1d0b35f75433406bfba1367f2ae15c87614a60c779a138bcf315f82e1
- Profit withdrawal transaction: 0x7ed3da98a5ffe6960c65f01c1e52ad52c9581b2dce38d2ba034ddf1a68740a62
- Victim contract: 0x6ce69d7146dbaae18c11c36d8d94428623b29d5a
- Underlying token: 0x4ec93ee81f25da3c8e49f01533cfb734545190a8
- Seed trace and balance diff under the collector seed artifacts for the exploit transaction
- Victim and helper decompilations under the collector iter_1/contract/56/.../decompile/artifacts