Logic error, Input validation does non consider how long the caller own the NFTs
Days in Operation:
An exploiter claimed a large amount of the APECOIN in the airdrop event by flashloan using $BYAC tokens to redeem for #BAYC NFTs.
1. The attacker bought NFT No.1060 from OpenSea, which was later used as the flash loan fee to flash loan 5.2 BAYC tokens from the "NFTX Vault"
2. Then used the BAYC tokens borrowed in step 1 to redeem BAYC NFTs (NFT token ID: 7594, 8214, 9915, 8167, 4755)
3. Then claimed 60,564 ApeCoin tokens as a reward in the Airdrop contract and sold the majority of $APE on the market to #ETH.
4. Minted BAYC NFTs to BAYC tokens to pay back the flash loan and fees.
In total, the attacker got 60,564 APE token, which worthed around 500K USD (at the time of writing this blog, the price of APE is $8 ). The cost is one NFT (106 ETH — 14 ETH), which is around 270K USD.
Contracts Vulnerability Analysis:
The getClaimableTokenAmountAndGammaToClaim() function in the AirdropGrapesToken contract to calculate the amount of ApeCoin to claim based on how many NFT the caller has doesn't consider how long the caller owns those NFTs.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.