
ID:
bevo-nft-art-token-1431
100 pts
Platform:
Type:
Category:
Method:
Data Sources:
Binance Smart Chain
Assets
Token
Contract Vulnerabilities
Extended Method:
deflationary token
Days in Operation:
619
(1.70 Years)





100 pts each
The project token was attacked. However the attacker was front-run by another exploiter.
The root cause is BEVO is a deflation token. By invoking function deliver(), the value _rTotal will decrease and thereby influence the calculation of balance. After manipulating the token balance, the attacker invoked function skim to transfer the increased balance of PancakePair to its own account. Finally, the attacker invoked function deliver() once again and swapped the increased BEVO back to WBNB.
EOA 0x5599c paid 10 BNB (~$3k) to front-run EOA 0x68fA7 that attempted to exploit the project. 0x5599c took advantage of BEVOs reflection rate and called the skim() function to gain an extra 4.5m BEVO. The token manipulation allowed the exploiter to swap 0 BEVO for 337 BNB. The 192 WBNB flash loan was repaid, leaving the exploiter with 144 WBNB.
0x68fA7 sent an on-chain message to 0x5599c following the front run.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
​
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.