$257 000 USD

FEBRUARY 2021

GLOBAL

MULTI FINANCIAL

DESCRIPTION OF EVENTS

"Multi.Financial is an automated market maker (AMM) aggregator and yield farming project providing decentralised loans secured through MULTI on Binance Smart Chain (BSC). We created this project to improve the availability of credit on BSC, as we felt the options for decentralised loans were limited within the BSC ecosystem."

 

"Additionally, we will release a decentralised exchange (DEX) based on Ethereum’s Uniswap. This has been re-architected and designed around BSC, providing users with the benefits of the lower fees intrinsic to BSC and providing a valuable service to the wider DeFi ecosystem."

"It is said that Binance Smart Chain investors reported that on February 1, another "earth dog" project, Multi Financial, ran away on BSC, and it took about 5000 BNB in just one day. The compromised investor stated that it had reported that Binance had blocked the address of the project party and reported to the police."

"The `delegatecall()` function calls functions from other contracts as if they belong to the caller contract. Thus the callee may change the state of the calling address. This may be insecure."

"The backdoor was in the getReward() function, this function was using delegatecall (Huge Red Flag). DELEGATECALL basically says that I'm a contract and I'm allowing another contract to do whatever it wants to my storage. Here, it delegated this power to the loansFactory which was not set in the beginning. The deployer sets it with this tx https://bscscan.com/tx/0x29e0cf21a42ffa5174ce9543bf12ee625dbd62b17a6271df08cb227ea70a551a and therefore the contract at the address 0x55736853bb3e8cf40bec933757fe5cde80e68e34 was able to change the rewards. When the dev called the getReward function, it called the loansFactory which sets the rewards to all the LPs in the SC. The dev did the same for all the available pools."
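
The pattern described above, a `DELEGATECALL` whose target is read from storage the deployer can set later, can be flagged before depositing by scanning a contract's deployed bytecode. The following is an added example, not code from the incident or from this page: the byte strings are constructed samples, the function names are hypothetical, and the "SLOAD shortly before DELEGATECALL" test is a heuristic assumption rather than a full data-flow analysis.

```python
# EVM opcode values (from the EVM specification).
DELEGATECALL = 0xF4
SLOAD = 0x54
PUSH1, PUSH32 = 0x60, 0x7F


def disassemble(code: bytes):
    """Yield (offset, opcode), skipping PUSH immediates so that data
    bytes equal to 0xF4 are never mistaken for a DELEGATECALL."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        pc += 1
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # PUSHn carries n immediate bytes


def find_delegatecalls(code: bytes, window: int = 12):
    """Return one finding per DELEGATECALL. 'storage_target' is True when
    an SLOAD appears within `window` preceding instructions, suggesting
    the callee address is mutable state (heuristic, see lead-in)."""
    ops = list(disassemble(code))
    findings = []
    for i, (pc, op) in enumerate(ops):
        if op == DELEGATECALL:
            recent = [o for _, o in ops[max(0, i - window):i]]
            findings.append({"offset": pc, "storage_target": SLOAD in recent})
    return findings


# Constructed samples (not bytecode from any real contract).
# 1) Target loaded from storage slot 0: PUSH1 0 x5, SLOAD, GAS, DELEGATECALL
STORAGE_TARGET = bytes.fromhex("6000600060006000600054" "5af4")
# 2) Target hardcoded with PUSH20: PUSH1 0 x4, PUSH20 <addr>, GAS, DELEGATECALL
FIXED_TARGET = bytes.fromhex("6000600060006000" "73" + "11" * 20 + "5af4")
# 3) 0xF4 and 0x54 occur only as PUSH2 data, followed by STOP
PUSH_DATA_ONLY = bytes.fromhex("61f45400")

if __name__ == "__main__":
    for name, code in [("storage", STORAGE_TARGET), ("fixed", FIXED_TARGET),
                       ("data-only", PUSH_DATA_ONLY)]:
        print(name, find_delegatecalls(code))
```

A finding with `storage_target` set is a prompt to read the verified source and check who can write the slot holding the callee address, not proof of a backdoor.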

Multi Financial existed for all of 3 days, and obtained a reported 5000 BNB from investors.

 

While Twitter and the site were deleted, their single Medium post is still present online.

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.