Beosin reported a price manipulation on PLTD project.

The attacker exploits the vulnerability in the PLTD contract to reduce the balance of PLTDs in Case-LP (0x4397c7) to 1 via flashloan, and then uses the $PLTD to swap all the $BUSD into the attack contract.

The attacker initiates 2 flashloans through DODO and borrows $666,000 BUSD. The attacker swaps all the 666,000 $BUSD into 1.57M $PLTDs, at which point the attacker already holds a large amount of PLTD tokens, which will subsequently be used for the purpose of manipulating the balance of PLTD tokens in Cake-LP. The attacker queries the current bron value and the PLTD balance of the Committed-LP, which is a check before the attack. Note that these two values are critical and relate to the success of the attack. The attacker sends 116,000 $PLTD tokens directly to commit-LP (0x4397c7), note that this amount is just twice the balance of $PLTDs in Commite-LP in the previous step minus 1. Here the attacker uses skim to take back the PLTD transferred in step 4. As in the _transfer function, if the from address is uniswapV2Pair, then it will call _tokenTransferBuy. (The function will not affect the value of _bron). All the previous operations are for this step. The attacker transfers 1 $PLTD to the address 0x16b9a82891338f9ba80e2d6970fdda79d1eb0dae, and since this address is not the address of Take-LP, the internal function _tokenTransfer is called for this transfer.