$70 000 USD

DECEMBER 2024

GLOBAL

GAGAW

DESCRIPTION OF EVENTS

GAGAW is a token launched on the Binance smart chain.

 

"The primary issue lies in the flawed accounting logic within the token's transfer function.

 

When a transfer is mistakenly identified as a removeLiquidity action, the recipient’s balance is increased by the balance of the 0xdead address.

 

This allowed the attacker to repeatedly simulate removeLiquidity transfers, accumulating a significant amount of tokens effortlessly.

 

It's unclear what the true intent behind this logic is—perhaps a simple typo or even a deliberate backdoor?

 

Additionally, the decision logic for removeLiquidity and addLiquidity can be manipulated through token transfers.

 

Despite restrictions on buying and selling, the attacker bypassed these limitations by simulating addLiquidity transfers, ultimately securing profit.

 

Interestingly, the attacker deposited the profits into a pre-created Uniswap pair."

 

"Our system has detected a suspicious attack involving #GAGAW on #BSC, resulting in an approximately loss of $69.7K."

 

Explore This Case Further On Our Wiki

The GAGAW token was launched in a new smart contract on the Binance smart chain on November 23rd. Unfortunately, there was a vulnerability in the token transfer logic, which was later exploited on December 2nd. This resulted in a loss of roughly $70k. It's unclear where the GAGAW community resides, or what their response has been.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.