$9 000 USD

DECEMBER 2024

GLOBAL

DECENTRALIZED FINANCE (DCF)

DESCRIPTION OF EVENTS

The Decentralized Finance (DCF) platform offers a decentralized ecosystem with various features, including DCF Play, GameFi, a Commercial Payment Ecosystem, an Online Social Network, Messaging & Livestream services, and a DAO Community for collaborative governance. Users can increase profits through decentralized income sources and interact within a secure and decentralized environment. The platform also outlines its tokenomics, with mining rewards making up 45% and other funds allocated for games, ecosystem growth, reserves, marketing, presale, and development. The roadmap spans from Q4 2024 to Q4 2025, detailing milestones such as token creation, presale, game releases, community expansion, decentralized social network launch, and DAO establishment. Key partners include SafePal, MetaMask, PancakeSwap, and more.

 

The recently launched DCF Pro Farming launch smart contract offered users a chance to earn significant returns through multiple revenue streams, including PancakeSwap tax, DCF swap fees, and profits from the GameFi ecosystem. Users can invest in flexible plans ranging from $100 to $50,000, with term options of 7, 14, or 28 days. Withdrawals are easy, with no fee for on-time exits and a 5% fee for early withdrawals. The platform promises monthly profits of 10-15%, and participants have the chance to become shareholders, sharing in the project's sustainable profits.

 

The Decentralized Finance victim contract has exchange functionality, relying on the PancakeSwap V2 pair to determine exchange rates. This setup can be easily exploited by manipulating the exchange rates through large token swaps on PancakeSwap.

 

In this case, the hacker exploited the vulnerability by exchanging almost all DCF tokens in the victim contract for BUSD. Then, they swapped a massive amount of BUSD for DCF on PancakeSwap, artificially manipulating the exchange rate. Following this, the hacker was able to exchange the BUSD back into the victim contract using a small number of DCF tokens, resulting in a total loss of approximately $9,000.

 

"Decentralized Finance(DCF) hacked. Victim contract has exchange functionality, but it gets exchange rate using pancakeswap v2 pair. This can be easily manipulated by exchanging huge amount of tokens on pancake swap. Hacker exchanged almost all DCF token in victim contract to BUSD. Then, exchanged huge amount of BUSD to DCF on pancakeswap, exchange rate manipulated. After that, he exchanged gained almost all BUSD in victim contract using a few DCF tokens. Total loss is about $9k."

 

"The root cause is the logic when the project swap between BUSDT, DUSD(Their token) and DCF(Their token). It binds BSDT/DUSD as 1:1 but put DUSD/DCF somewhat dynamic. It didn't set the swap K (reserve number) after the swap."

 

Amount of loss: $ 8,800

 

Explore This Case Further On Our Wiki

The Decentralized Finance (DCF) platform offers a comprehensive ecosystem with features such as DCF Play, GameFi, a commercial payment system, a social network, messaging, livestream services, and a DAO for governance. A hack exploited vulnerabilities in the victim contract’s exchange functionality, manipulating the exchange rate through large token swaps on PancakeSwap. The hacker swapped DCF tokens for BUSD, then manipulated the rate before exchanging BUSD back into the contract, causing a loss of $9,000. The issue arose from flawed logic in the swap process, where the DUSD/DCF exchange rate was not properly secured. It does not appear that the project has publicly acknowledged the hack or any plans for restitution.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.