link.png

ID:

elephantmoney-2

Date:

Status:

Incident Count:

April 12, 2022

Verified

1

info.png
target.png
REKT

Contributor:

chain.png

zerofriction.io

KYC By:

KYC:

No

info.png

Audit By:

Audits:

Certik, Solidity Finance

Loss Amount:

11,200,000

info.png

Recovered:

-

Rewards:

Currency:

USD, ELEPHANT, TRUNK, WBNB, BUSD

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Data Sources:

Binance Smart Chain

Protocol

Yield

Contract Vulnerabilities

Extended Method:

Price manipulation

info.png

Days in Operation:

498

(1.36 Years)

chain.png
chain.png
chain.png
chain.png
datasource.png

Elephant Money implements an open global economic engine for stable coin yield. Advised users that they have not been administratively hacked and nothing has changed on the network from a contract perspective. Please reference the past activity of the ELEPHANT Deployer to confirm:

https://bscscan.com/address/0x16e76819ac1f0dfbecc48dfe93b198830e0c85eb

BlockSec identified a pricing manipulation attack against ElephantStatus. The details as reported are as follow:

1. The attacker borrowed 131,162.00 WBNB and 91,035,000.00 using the flash loan. Then the attacker swapped the 131,162.00 WBNB to 34,244 ELEPHANT Token.
2. The attacker mint TRUNK token by providing BUSD. In particular, the vulnerable contract will first swap BUSD to WBNB and then use WBNB to buy ELEPHANT. During this process, the price of ELEPHANT will raise. The attacker got TRUNK token.
3. The attacker can then use obtained ELEPHANT in step 1 to swap more WBNB (163782.821427781 in this case)
4. The attacker redeemed the TRUNK token in step 2 to get 36987.3327240222 WBNB and 66884140.125 BUSD. Since the token value after the attack is more than the cost, the attacker can get around 4M USD profit in one round of the attack.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.