top of page
link.png

ID:

bevo-nft-art-token-1431

blob_404.png

Date:

Status:

Incident Count:

January 30, 2023

Verified

1

info.png
REKT

Contributor:

chain.png

web3rekt.com

KYC By:

KYC:

None

info.png
50 pts

Audit By:

Audits:

None

Loss Amount:

44,287

info.png

Recovered:

-

Rewards:

Ticker:

USD, BEVO

info.png
100 pts each

The project token was attacked. However the attacker was front-run by another exploiter.

The root cause is BEVO is a deflation token. By invoking function deliver(), the value _rTotal will decrease and thereby influence the calculation of balance. After manipulating the token balance, the attacker invoked function skim to transfer the increased balance of PancakePair to its own account. Finally, the attacker invoked function deliver() once again and swapped the increased BEVO back to WBNB.

EOA 0x5599c paid 10 BNB (~$3k) to front-run EOA 0x68fA7 that attempted to exploit the project. 0x5599c took advantage of BEVOs reflection rate and called the skim() function to gain an extra 4.5m BEVO. The token manipulation allowed the exploiter to swap 0 BEVO for 337 BNB. The 192 WBNB flash loan was repaid, leaving the exploiter with 144 WBNB.

0x68fA7 sent an on-chain message to 0x5599c following the front run.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

​

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.

bottom of page