$172 000 USD

AUGUST 2024

GLOBAL

IVEST DAO

DESCRIPTION OF EVENTS

"The iVest DAO is a bootstrapping web3 powered decentralized community equity & investment ecosystem.

 

We combine SocialFi and DAO governance with unique tokenomics to support our members and create thriving community projects."

 

"Grassroots Fair Launch. No Pre-Sale, No Dev Tokens, No ICO, No Referrals. Launched with 100% community donated liquidity.

 

Fees collected from transactions and DAO related activities are shared as rewards to token holders and DAO contributors.

 

The combined effects of the Vesting Pool and fee schedule promotes an antifragile, deflationary ecosystem.

 

Holders passively earn more tokens while iVEST circulating supply dwindles... Sellers wait for locked tokens to exit their position smoothing price action, limiting dumps, panic & manipulation."

 

"The exploit centers around a vulnerability in the token contract’s transfer function.

 

The transfer function contains flawed logic: when tokens are transferred to the burn address (0x0), the sender’s balance is incorrectly reduced by double the intended amount."

 

"The attacker took advantage of this by transferring iVest tokens to a Uniswap pair and then calling skim(0x0) and sync().

 

Due to the flawed transfer logic, the pair’s balance was drastically reduced."

 

"By repeatedly exploiting this flaw, the attacker managed to drain the liquidity pool, resulting in the loss of $156,309.94."

 
"The root cause is a wrong implementation of _transfer for the 0 address: when transferring to the 0 address, the `makeDonation` function will be called and decrease part of the sender's token amount. The issue is that when `skim` is called, the pancake pair amount will decrease, which will increase the value of `iVest Token`. The attacker calls skim multiple times and then swaps to drain the pair's WETH."

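The double debit described in the analyses quoted above, as a constructed model added here (not the iVest contract's code, nor the analysts'): a token whose zero-address transfer debits the sender twice, beside a corrected version, with a Uniswap-V2-style pair showing what `skim(0x0)` followed by `sync()` does to the cached reserve. All class names, addresses and amounts are assumptions.

```python
# Constructed model for illustration; not the iVest contract's code.
ZERO = "0x0"

class Token:
    def __init__(self, balances, flawed):
        self.bal, self.flawed = dict(balances), flawed

    def transfer(self, sender, to, amount):
        if self.bal.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.bal[sender] -= amount
        self.bal[to] = self.bal.get(to, 0) + amount
        if to == ZERO and self.flawed:
            # Flaw (modelled): the zero-address branch debits the sender a
            # second time, so the sender loses 2 * amount.
            if self.bal[sender] < amount:
                raise ValueError("underflow")  # checked arithmetic reverts
            self.bal[sender] -= amount

class Pair:
    """Uniswap-V2-style bookkeeping: cached reserve, skim() and sync()."""
    def __init__(self, token, addr, reserve):
        self.token, self.addr, self.reserve = token, addr, reserve

    def skim(self, to):
        # Sends out only the balance in excess of the cached reserve.
        excess = self.token.bal[self.addr] - self.reserve
        self.token.transfer(self.addr, to, excess)

    def sync(self):
        self.reserve = self.token.bal[self.addr]

def reserve_after_skim(flawed, reserve=1000, excess=100):
    """Reserve after tokens are sent to the pair, then skim(0x0) and sync()."""
    token = Token({"pair": reserve, "user": excess}, flawed)
    pair = Pair(token, "pair", reserve)
    token.transfer("user", "pair", excess)
    pair.skim(ZERO)
    pair.sync()
    return pair.reserve

def debit_matches_amount(flawed, amount=10):
    """Regression check: a transfer debits the sender by exactly `amount`."""
    token = Token({"holder": 100}, flawed)
    token.transfer("holder", ZERO, amount)
    return 100 - token.bal["holder"] == amount
```

With the flawed transfer the pair's synced reserve ends below its starting value even though only the excess was skimmed. The per-transfer debit check is the kind of unit test that flags this before deployment.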
 

QuillAudits: $156,309.94; Olympix: $172,000; ExVul: $205,153

 

The iVest team does not appear to have even acknowledged the exploit yet.

 


The iVest DAO is a community equity and investment ecosystem that provides a source of passive income for holders of its token. A vulnerability in its smart contract allowed an attacker to profit by donating funds to a burn address. A significant amount was drained from the smart contract. The team has yet to acknowledge the exploit or prepare any path forward.
