3. Vulnerability Analysis & Root Cause Summary

This is an ATTACK-class incident caused by a permissionless arbitrary-balance burn in the token contract. The critical externally reachable function is family(address account), which forwards directly into _approve_(account, account, 0). Inside _approve_, the contract computes accountBalance = (_balances[owner] + trading()) * 999 / 1000 and subtracts that amount from _balances[owner] and _totalSupply, emitting a burn-style Transfer to the zero address.

That behavior means any caller can target the Uniswap pair address and destroy nearly all of the pair's APEMAGA balance in-place. Once the attacker calls sync(), the pair records the manipulated low token reserve while its WETH reserve remains intact. The attacker can then sell a comparatively small amount of APEMAGA into the pool and receive almost all of the WETH. The exploit is deterministic and requires no privileged role, private key, flash loan, or attacker-specific artifact.

4. Detailed Root Cause Analysis

The verified victim source shows the exploit primitive directly:

function _approve_(
    address owner,
    address spender,
    uint256 amount
) internal virtual {
    require(owner != address(0), "ERC20: burn from the zero address");
    require(owner == spender, "ERC20: burn to the owner address");
    uint256 accountBalance = (_balances[owner] + trading()) * 999 / 1000;
    _balances[owner] -= accountBalance;
    _totalSupply -= accountBalance;
    emit Transfer(owner, address(0), accountBalance);
}

function family(address account) external {
    super._approve_(account, account, 0);
}

This code makes the invariant failure explicit: an arbitrary external caller can pick any account, including the live AMM pair. The exploit trace confirms that exact mechanism. In the collected transaction trace, the helper contract calls Tonken::family(0x85705829c2f71EE3c40A7C28f6903e7c797c9433) twice, producing burn events of 53328645376776709609 and 53328645376776710 APEMAGA units from the pair. The trace then shows 0x85705829c2f71EE3c40A7C28f6903e7c797c9433::sync() emitting:

emit Sync(: 53382027404181, : 9384075748093369217)

That leaves the pair with only 53382027404181 APEMAGA units against 9384075748093369217 WETH wei, creating a fabricated reserve ratio. The attacker then transfers 59632616815636881 APEMAGA into the pair and executes the final router swap. The same trace shows:

WETH9::transfer(0xCe3B42e93Dd6313e413CbdB604e295908d3C7C85, 9375657576473649845)
emit Sync(: 59685998843041062, : 8418171619719372)

The balance-diff artifact independently matches the outcome: the pair's APEMAGA balance falls from 53382027404180890500 to 59685998843041062, and 0xce3b42e93dd6313e413cbdb604e295908d3c7c85 receives the extracted WETH proceeds. The exploit therefore does not depend on a hidden off-chain condition; it is the direct consequence of a public burn primitive being composable with Uniswap reserve synchronization.

5. Adversary Flow Analysis

The adversary cluster for the observed incident consists of sender EOA 0xb297735e9fb3e695ccce3963bfe042f318901ea0, helper contract 0x8de6314058c0b7eea809881d73e69b425c01f0b5, and profit recipient 0xce3b42e93dd6313e413cbdb604e295908d3c7c85. The on-chain execution is a single public transaction and can be reproduced by any unprivileged replacement attacker with fresh addresses.

The flow is:

1. Obtain or already hold a small amount of APEMAGA inventory.
2. Call family(pair) repeatedly against the public APEMAGA token until the pair balance collapses by several orders of magnitude.
3. Call sync() on the Uniswap pair so the manipulated token balance becomes the stored reserve.
4. Sell attacker-held APEMAGA through the public Uniswap V2 router into the broken pool.
5. Receive nearly all of the WETH side of the pair as profit.

The critical trace segment is:

Tonken::family(0x85705829c2f71EE3c40A7C28f6903e7c797c9433)
Tonken::family(0x85705829c2f71EE3c40A7C28f6903e7c797c9433)
0x85705829c2f71EE3c40A7C28f6903e7c797c9433::sync()
0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D::swapExactTokensForTokens(...)
WETH9::transfer(0xCe3B42e93Dd6313e413CbdB604e295908d3C7C85, 9375657576473649845)

This sequence is sufficient to realize the ACT opportunity because every invoked contract surface is publicly callable and the helper contract is not essential to exploitability.

6. Impact & Losses

The measurable pool loss is 9375657576473649845 wei of WETH, or 9.375657576473649845 WETH. The exploit also destroyed market integrity for the APEMAGA/WETH pool because the pair reserve ratio was forced to a fabricated state before the terminal swap. The affected public components are the APEMAGA token contract at 0x56ff4afd909aa66a1530fe69bf94c74e6d44500c and the APEMAGA/WETH pair at 0x85705829c2f71ee3c40a7c28f6903e7c797c9433.

7. References

• Exploit transaction: 0x6beb21b53f5b205c088570333ec875b720e333b49657f7026b01ed72b026851e
• Victim token: 0x56ff4afd909aa66a1530fe69bf94c74e6d44500c
• Victim pair: 0x85705829c2f71ee3c40a7c28f6903e7c797c9433
• Uniswap V2 router used in the exploit: 0x7a250d5630b4cf539739df2c5dacb4c659f2488d
• Verified APEMAGA source code showing family(address) and _approve_()
• Collected execution trace showing the two burns, sync(), and final WETH transfer
• Collected balance-diff artifact showing pair depletion and profit-recipient proceeds