ID: zeed-community-856
Date: April 21, 2022
Status: Verified
Incident Count: 1

REKT

Contributor: zerofriction.io
KYC By:
KYC: No
Audit By:
Audits: None
Loss Amount: 1,000,000
Recovered: -
Rewards:
Currency: USD, YEED

Key Indicators

Platform: Binance Smart Chain
Type: Platform
Category: Dexes
Method: Contract Vulnerabilities
Data Sources:
Extended Method: Logic error, Reward distribution
Days in Operation: 367 (1.01 Years)

Zeed is an autonomous decentralized financial integrated ecosystem built by community users all over the world. Relying on the powerful application technology at the bottom of blockchain and the rich product functions of the community, Zeed, in conjunction with FAR NFT Ecology and HALO Network, can quickly complete intelligent contracts related to cross-chain bridge, SWAP, stable currency, NFT and financial derivatives.

The Zeed community was exploited through a vulnerability in its reward distribution, which allowed the attacker to reward him/herself $1M from the protocol. However, the attacker forgot to transfer out the stolen funds before self-destructing the attack contract, so the exploit netted the attacker a negative return ($44) due to gas fees. The stolen funds are permanently stuck in the attack contract.

According to BlockSec, when a user swaps in the pair, the token rewards the pair by dividing the reward among three different pairs. However, the project has a vulnerability: it distributes the rewards without dividing them among the three pairs.

Because these pairs receive tokens, the attacker can obtain them by invoking the pair's skim function.
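A small accounting model of the reward-distribution flaw described above, added here as an illustration and not taken from the Zeed contracts or from BlockSec's analysis. It assumes Uniswap-V2-style pairs, where `skim` pays out any balance above the recorded reserve; `Pair`, `distribute` and `audit` are hypothetical names and all amounts are constructed.

```python
# Constructed model, not the project's code: a swap reward is credited to
# three liquidity pairs, and each pair exposes its surplus through skim().

class Pair:
    def __init__(self, reserve):
        self.reserve = reserve   # amount the pair has accounted for
        self.balance = reserve   # tokens the pair actually holds

    def skimmable(self):
        # Assumption: Uniswap-V2-style skim() releases balance - reserve.
        return self.balance - self.reserve


def distribute(reward, pairs, divide):
    """Credit the reward to the pairs and return the total tokens credited.

    divide=False models the flaw: every pair receives the full reward.
    divide=True models the intended split; the remainder goes to one pair
    so the total credited equals the reward exactly.
    """
    n = len(pairs)
    shares = [reward // n] * n if divide else [reward] * n
    if divide:
        shares[0] += reward % n
    for pair, share in zip(pairs, shares):
        pair.balance += share
    return sum(shares)


def audit(reward, divide):
    """Conservation check: tokens credited must not exceed the reward."""
    pairs = [Pair(1_000_000) for _ in range(3)]   # constructed reserves
    credited = distribute(reward, pairs, divide)
    return {
        "credited": credited,
        "skimmable": sum(p.skimmable() for p in pairs),
        "over_issued": credited - reward,
    }


if __name__ == "__main__":
    print("flawed:", audit(900, divide=False))
    print("split :", audit(1000, divide=True))
```

A non-zero `over_issued` is the signal a test suite or invariant check should fail on: the undivided path credits three times the intended reward, and all of it sits above the pairs' reserves.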

Interestingly, the attacker did not transfer the obtained tokens out before self-destructing the attack contract.


DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.