Azoundria: Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/abccappusdtoverclaimaddfixeddayaccesscontrolmissing.php}} {{Unattributed Sources}} Binance Security ImageThe ABCCApp smart contract on Binance Smart Chain allowed users to claim daily stablecoin rewards but contained a critical vulnerability due to a missing access control on the addFixedDay function. This function was essential in calculating claimabl..."

2025-08-27T20:38:15Z

Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/abccappusdtoverclaimaddfixeddayaccesscontrolmissing.php}} {{Unattributed Sources}} thumb|Binance Security ImageThe ABCCApp smart contract on Binance Smart Chain allowed users to claim daily stablecoin rewards but contained a critical vulnerability due to a missing access control on the addFixedDay function. This function was essential in calculating claimabl..."

New page

{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/abccappusdtoverclaimaddfixeddayaccesscontrolmissing.php}}
{{Unattributed Sources}}

[[File:Binancesecurity.jpg|thumb|Binance Security Image]]The ABCCApp smart contract on Binance Smart Chain allowed users to claim daily stablecoin rewards but contained a critical vulnerability due to a missing access control on the addFixedDay function. This function was essential in calculating claimable BSCUSD (though TenArmor reports the loss in USDT). The flaw allowed an attacker to manipulate the rewards, leading to an estimated $10.1k loss. The project lacks any public-facing presence, and there is no evidence of recovery efforts, further investigation, or community awareness beyond TenArmor’s report.<ref name="tenarmortweet-21069" /><ref name="bscscanattack-21070" /><ref name="bscscanexploiter-21071" /><ref name="exploitedcontract-21072" /><ref name="exploitedcontractcreation-21073" />

== About ABCCApp ==
The ABCCApp smart contract on the Binance Smart Chain appears to provide the ability to claim daily stablecoin rewards. The smart contract was launched on April 1st, 2023.

== The Reality ==
Unfortunately, the smart contract was launched with a missing access control on a key addFixedDay function, which was instrumental in calculating the claimable amount of the BSCUSD stablecoin.

== What Happened ==
The ABCCApp smart contract on Binance Smart Chain suffered a $10.1k exploit due to missing access control on a key function.
{| class="wikitable"
|+Key Event Timeline - ABCCApp USDT Overclaim addFixedDay Access Control Missing
!Date
!Event
!Description
|-
|April 1st, 2023 6:31:12 AM MDT
|ABCCApp Smart Contract Launch
|The exploited ABCCApp smart contract is originally launched on the Binance Smart Chain.
|-
|August 23rd, 2025 8:32:07 AM MDT
|Attack Transaction Occurred
|The attack transaction is accepted into the Binance Smart Chain.
|-
|August 23rd, 2025 9:26:00 PM MDT
|TenArmor Posts About Exploit
|TenArmor makes a tweet about the exploit on their Twitter/X account. They provide some high level information on the nature of the exploit.
|}

== Technical Details ==
The technical description provided by TenArmor is as follows:

"The root cause is that the addFixedDay() function lacks access control, and fixedDay is used in the calculation of claimable USDT."

== Total Amount Lost ==
TenArmor reported the loss with an estimated value of $10.1k. While TenArmor reports that the amount is claimable in USDT, it appears that the attack transaction took BSCUSD.

The total amount lost has been estimated at $10,000 USD.

== Immediate Reactions ==
The project does not appear to have a public website or social media presence. The transaction was reported by TenArmor.

== Ultimate Outcome ==
It's unclear if there is any outcome. There do not appear to be any mentions of this transaction in any other locations.

== Total Amount Recovered ==
There is no suggestion that any funds have been recovered.

There do not appear to have been any funds recovered in this case.

== Ongoing Developments ==
There does not appear to be any ongoing attempt to investigate further or recover funds.
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}

{{Prevention:Regulators:End}}

== References ==
<references><ref name="tenarmortweet-21069">[https://twitter.com/TenArmorAlert/status/1959457212914352530 TenArmor - "Our system has detected a suspicious attack involving #ABCCApp on #BSC, resulting in an approximately loss of $10.1K. The root cause is that the addFixedDay() function lacks access control, and fixedDay is used in the calculation of claimable USDT." - Twitter/X] (Accessed Aug 27, 2025)</ref>

<ref name="bscscanattack-21070">[https://bscscan.com/tx/0xee4eae6f70a6894c09fda645fb24ab841e9847a788b1b2e8cb9cc50c1866fb12 Attack Transaction - BSCScan] (Accessed Aug 27, 2025)</ref>

<ref name="bscscanexploiter-21071">[https://bscscan.com/address/0x53feee33527819bb793b72bd67dbf0f8466f7d2c ABCCScan Exploiter Address - BSCScan] (Accessed Aug 27, 2025)</ref>

<ref name="exploitedcontract-21072">[https://bscscan.com/address/0x36696169c63e42cd08ce11f5deebbcebae652050 The Exploited Smart Contract - BSCScan] (Accessed Aug 27, 2025)</ref>

<ref name="exploitedcontractcreation-21073">[https://bscscan.com/tx/0xbed617f015bfb62692bee94b023a77ccfce4d7f8dc7e1ec0fdd38609cc08de91 The Exploited Contract Creation Transaction - BSCScan] (Accessed Aug 27, 2025)</ref></references>

ABCCApp USDT Overclaim addFixedDay Access Control Missing - Revision history