QUADRIGA INITIATIVE
$16 000 USD
DECEMBER 2024
GLOBAL
STANDING ON BIZNESS (BIZNESS)
DESCRIPTION OF EVENTS

"Standing on Bizness" is a $bizness token launched on the Base blockchain on November 20th. To join the community, you can connect through their Telegram and X/Twitter channels. The contract address for $bizness is 0xF3a605573B93Fd22496f471A88AE45F35C1df5A7.
The Standing On Bizness (@SOB_base) Twitter account is focused on promoting its $bizness token, which launched as the first tokenized belief coin from the toshimart.xyz platform. Their Twitter activity includes sharing updates about the token's availability on Uniswap, contract address, and a link to their Telegram group. They emphasize a "mean what you say, say what you mean" motto and encourage users to be part of the community, branding themselves as "standing ten toes down" on their business.
The smart contract lacked a reentrancy check in the "splitLock" function, allowing attackers to exploit it by withdrawing more tokens than intended before the locked amount was updated.
BIZNESS on Base was hacked due to a reentrancy vulnerability in the "splitLock" function of its Locker contract. The function calls "_feeHandler()" to send fees to the treasury and the remaining funds to the user, but lacks a reentrancy check. This allows an attacker to trigger the "withdrawLock()" function before the locked amount is updated, enabling them to withdraw more tokens than intended. The total loss from the attack was approximately $16,000.
"The splitLock function in the Locker contract reduces the lock amount and creates a new lock after calling the _feeHandler function, which sends surplus ETH to msg.sender.
This creates an opportunity for reentrancy, allowing the attacker to call the withdrawLock function and withdraw tokens while simultaneously creating a new lock, due to the lock amount not being updated."
The hack resulted in a loss of approximately $16,000 worth of tokens due to the reentrancy vulnerability in the smart contract.
The hack was not mentioned on the Twitter/X account. Promotions continued the next day, including a post about being "an alpha Stand on $BIZNESS" with a video comparing "the price of winning" and "the bill from regret".
Some time later, the incident was covered by Nick L Franklin and included in the SlowMist list.
The team does not appear to have acknowledged any exploit.
"Standing on Bizness" launched the $bizness token on the Base blockchain on November 20th, 2024, with a focus on building a community through its Telegram and Twitter channels. The token, introduced as the first tokenized belief coin from toshimart.xyz, gained attention through updates about its availability on Uniswap, along with the contract address and community-building messages. However, the project's smart contract contained a vulnerability in the "splitLock" function, which lacked a reentrancy check, allowing an attacker to exploit the system and withdraw more tokens than intended. This flaw led to a $16,000 loss, but the incident was not mentioned on their Twitter account, and promotions continued post-hack. Despite coverage of the hack by Nick L. Franklin and inclusion in the SlowMist list, the team has not publicly acknowledged the exploit.
HOW COULD THIS HAVE BEEN PREVENTED?
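Developers need to implement proper reentrancy protections to prevent similar exploits in the future. In this case that means a reentrancy check covering "splitLock" and "withdrawLock", and updating the locked amount before "_feeHandler" sends funds out of the contract.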
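The effect of those two protections can be seen in a small Python model, added here as an illustration; it is not the Locker contract's code. The deposit of 100, the split of 40, unlock times being ignored, and names such as `simulate` and `fee_handler` are assumptions.

```python
class ReentrancyError(Exception):
    """Raised when the modelled nonReentrant guard rejects a nested call."""

class Locker:
    """Toy model of a token locker (constructed; not the BIZNESS source)."""
    def __init__(self, effects_first, guard):
        self.effects_first = effects_first  # write lock state before the external call
        self.guard = guard                  # one reentrancy flag shared by both entry points
        self.locks, self.paid_out, self._entered = {}, 0, False

    def lock(self, amount):
        lock_id = len(self.locks) + 1
        self.locks[lock_id] = amount
        return lock_id

    def _run(self, body):
        if self.guard and self._entered:
            raise ReentrancyError("reentrant call")
        self._entered = True
        try:
            return body()
        finally:
            self._entered = False

    def withdraw_lock(self, lock_id):
        def body():
            amount, self.locks[lock_id] = self.locks[lock_id], 0
            self.paid_out += amount
        self._run(body)

    def split_lock(self, lock_id, amount, fee_handler):
        def body():
            remaining = self.locks[lock_id] - amount  # value computed before any call
            if not self.effects_first:
                fee_handler()              # flawed order: external call comes first
            self.locks[lock_id] = remaining
            new_id = self.lock(amount)
            if self.effects_first:
                fee_handler()              # checks-effects-interactions order
            return new_id
        return self._run(body)

def simulate(effects_first, guard, deposit=100, split=40):
    """Return (tokens paid out, tokens still recorded as locked)."""
    locker = Locker(effects_first, guard)
    lock_id = locker.lock(deposit)
    def refund_callback():  # code the refund recipient runs when it receives ETH
        try:
            locker.withdraw_lock(lock_id)
        except ReentrancyError:
            pass            # nested call rejected by the guard
    locker.split_lock(lock_id, split, refund_callback)
    return locker.paid_out, sum(locker.locks.values())
```

Only the unguarded, call-first ordering ends with paid-out plus locked tokens exceeding the deposit; either protection alone keeps the total at the deposited amount.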
