FORTUNEWHEEL

DESCRIPTION OF EVENTS

FortuneWheel is an "old unknown project contract" on the Binance Smart Chain which was created in June 2023.

"The root cause is the swapProfitFees() function which will add BNB to a swap and attack could gain from the K change."

"“swapProfitFees” function exchanges tokens using pancakeswap and has no [access] modifier."

"this is a classic case of price manipulation. The swapProfitFees() function lacks slippage protection and is easily manipulated by a swap."

"Hacker exchanged a huge amount of WBNB to LINK, then called this function, exchanged LINK to WBNB again. He gained almost $21k."

Explore This Case Further On Our Wiki

FortuneWheel is a project on the Binance Smart Chain launched in June 2023, identified as an "old unknown project contract." The vulnerability lies in its "swapProfitFees()" function, which facilitates token exchanges using PancakeSwap but lacks an access modifier and slippage protection, making it vulnerable to manipulation. A hacker exploited this weakness by swapping a large amount of WBNB for LINK, then using the function to swap LINK back to WBNB, ultimately making a profit of nearly $21,000 through price manipulation.

FortuneWheel Smart Contract Exploited (Feb 13)
@TikkalaResearch Twitter (Feb 13)
@0xNickLFranklin Twitter (Feb 13)
Sandwich attack! – Defi hack analysis (Feb 13)
FortuneWheel Smart Contract Creation (Feb 13)
@TenArmorAlert Twitter (Feb 13)
@ACai_sec Twitter (Feb 13)
20250110-FortuneWheel 攻击事件：竟然不设滑点，那就体验一下 Force Investment 吧 - ACai_sec - 博客园 (Feb 13)

More case studies

Usual Money USD0++ Depegging
When Backing Removed

SuperVerse Fraudulent
Airdrop Twitter/X Compromise