$442 000 USD

NOVEMBER 2024

GLOBAL

DCF TOKEN

DESCRIPTION OF EVENTS

The Decentralized Finance (DCF) platform offers a decentralized ecosystem with various features, including DCF Play, GameFi, a Commercial Payment Ecosystem, an Online Social Network, Messaging & Livestream services, and a DAO Community for collaborative governance. Users can increase profits through decentralized income sources and interact within a secure and decentralized environment. The platform also outlines its tokenomics, with mining rewards making up 45% and other funds allocated for games, ecosystem growth, reserves, marketing, presale, and development. The roadmap spans from Q4 2024 to Q4 2025, detailing milestones such as token creation, presale, game releases, community expansion, decentralized social network launch, and DAO establishment. Key partners include SafePal, MetaMask, PancakeSwap, and more.

 

"The cause of this vulnerability is that the project wrote incorrect logic when implementing the DCF transfer function. As a result, the attacker destroyed the DCF in the pair after transferring it to the swap pair, which made it easy to manipulate the price of DCF. Finally, arbitrage was completed."

 

"This attack exploited two critical vulnerabilities in the DCF token contract, leveraging a $110M USDT flashloan to execute the exploit.

 

First Vulnerability: The transfer function allowed anyone to burn tokens from the USDT/DCF pair. The attacker exploited this flaw using 83 DCF tokens purchased from a USDT/DCF v3 pool deployed only six hours prior to the attack. This approach bypassed the buying restriction in the v2 pair.

 

Second Vulnerability: The addLiquidity process in the transfer function lacked slippage protection, enabling the attacker to recover their USDT costs via a sandwich attack."

 

"As you can see, when to is the address of PancakeSwap Pair, the code in the red box is executed, and the vulnerability appears here. Since deadcfg is 2, the code will destroy about half of the DCF of the transfer amount from PancakeSwap Pair, and then sync. This operation will cause the number of DCFs in PancakeSwap Pair BUSD-DCF to decrease significantly, and the price of DCF to rise sharply. Through this operation, the price of DCF has risen from 171 BUSD to 1,708,540,682,977,674 BUSD, an increase of 9,991,465,982,325 times. Since the code liquidHepler.addLiquidity in the transfer function of DCF consumes part of the DCT in PancakeSwap Pair BUSDDCT, it also raises the price of DCT."

 

$440k - $442k

 

"On November 25, DCF on the BNB Chain was attacked, resulting in a loss of approximately $440,000. The root cause of the vulnerability was an error in the logic implemented by the project team in the transfer function of DCF."

 

"Our system has detected a suspicious attack involving #DCF on #BSC, resulting in an approximately loss of $442K.

 

This is not the first time DCF has fallen victim to an attack!"

 

Explore This Case Further On Our Wiki

The Decentralized Finance (DCF) community offers a wide range of services on their website, and allows investors to purchase their DCF token. Unfortunately, their smart contract had a vulnerability which allowed the price to be rapidly inflated through a burn mechanism. This was exploited to withdraw significant liquidity worth $442k from the smart contract. The project team does not appear to have acknowledged the exploit. They are continuing to run the project with various strategies being posted on Twitter.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.