ID: zeed-community-856
Platform: Binance Smart Chain
Type: Platform
Category: Dexes
Method: Contract Vulnerabilities
Extended Method: Logic error, Reward distribution
Days in Operation: 367 (1.01 Years)





Zeed is an autonomous decentralized financial integrated ecosystem built by community users all over the world. Relying on the powerful application technology at the bottom of blockchain and the rich product functions of the community, Zeed, in conjunction with FAR NFT Ecology and HALO Network, can quickly complete intelligent contracts related to cross-chain bridge, SWAP, stable currency, NFT and financial derivatives.
Zeed community was exploited through its reward distribution vulnerability, allowing the attacker to reward him/herself $1M from the protocol. However, the attacker forgot to transfer out the stolen funds before self-destructing the attack contract, so the exploit netted the attacker a negative return ($44) due to gas fees. The stolen funds are permanently stuck in the attack contract.
According to BlockSec, when a user swaps in the pair, the token rewards the pair by dividing the reward among three different pairs. However, the project has a vulnerability that distributes the rewards without dividing them among the three pairs.
Since these pairs receive tokens, the attacker can obtain the tokens by invoking the skim function of the pair.
Interestingly, the attacker did not transfer the obtained tokens out before self-destructing the attack contract.