MintRisesPrices Reentrancy Attack
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
MintRisesPrices is a cryptocurrency wealth protocol, with a token which is designed to go up in price and not down, which appears to have targeted the Chinese cryptocurrency investment market with space-themed promotions. There is controversy as to whether or not this constitutes a honeypot, as this is presumably accomplished by preventing selling of the tokens. This protocol was attacked through a re-entrancy attack and the attacker managed to get away with $59,000. The protocol appears to have relaunched in a new smart contract.
About MintRisesPrices
"A crypto wealth protocol that only goes up and never goes down!"
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
"MintRisesPrices on BNBChain suffered a reentrancy attack, resulting in a loss of approximately $59,000."
| Date | Event | Description |
|---|---|---|
| May 14th, 2024 11:22:00 PM MDT | Launch Date Promotion | An initial post by the MintRisesPrices account simply has the date of May 18th. This is a response to a tweet asking "When will MRP launch? Is there a group?" on a deleted post. |
| May 15th, 2024 1:49:00 AM MDT | Multiple Promotion Banners | Multiple promotional banners are released as well as a slogan for "[a] crypto wealth protocol that only goes up and never goes down!" |
| July 2nd, 2024 7:14:39 AM MDT | Blockchain Transaction | The re-entrancy attack transaction happens on the blockchain. This is the transaction later referenced by ChainAegis. |
| July 2nd, 2024 8:17:00 PM MDT | SlowMist Tweet | SlowMist posts a tweet to announce that they have found potential suspicious activity related to the MintRisesPrices smart contract. The address of the smart contract is provided. |
| July 2nd, 2024 9:02:00 PM MDT | ChainAegis Tweet | ChainAegis tweets a notice about the re-entrancy attack along with the transaction on the Binance Smart Chain. The service warns that this is "also a high-risk token (honeypot), please do not trade it." |
| July 3rd, 2024 12:55:00 AM MDT | End Of Minting Phase | In a Chinese post, the project announces the end of the minting phase and requests users to transfer their assets to a new smart contract address. A new smart contract address of 0xF114A2d1521eF04F81930b7E03C2e438aD89C375 is provided. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $59,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
"The MRP casting phase has ended, and a fixed quantity MRP contract has been deployed!
Please ensure all users transfer their MRP assets to the new contract address for mapping before 2024-07-04 24:00:00. Additionally, addresses where casting has not yet ended should also transfer to the new contract address once; if there are no MRP assets yet, you can transfer 0 MRP for mapping. Please inform other users and the community. Thank you!"
Ultimate Outcome
New Contract Address: 0xF114A2d1521eF04F81930b7E03C2e438aD89C375
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ SlowMist Hacked - SlowMist Zone (Accessed Jul 5, 2024)
- ↑ @SlowMist_Team Twitter (Accessed Jul 8, 2024)
- ↑ BNB Chain Address 0xa0ba...5700a3 | Blockchain Explorer | OKLink (Accessed Jul 8, 2024)
- ↑ @MintRisesPrices Twitter (Accessed Jul 8, 2024)
- ↑ @MintRisesPrices Twitter (Accessed Jul 8, 2024)
- ↑ @MintRisesPrices Twitter (Accessed Jul 8, 2024)
- ↑ @ChainAegis Twitter (Accessed Jul 8, 2024)
- ↑ x.com (Accessed Jan 28, 2025)