Sola Unverified Contract withdrawToken Lacking Access Control

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Binance Security Image

An unverified smart contract at address 0x623c—possibly linked to the Sola Token—was exploited due to a critical lack of access control on its withdrawToken() function, allowing anyone to transfer tokens from it. The attacker used a malicious contract and flash swap via PancakePair to obtain over 23,000 USDT and later repeated the process with another Sola token to extract 8.92 WBNB, leading to a total loss of approximately $28.1k. This marked the fourth in a series of similar attacks by a repeat offender, with no indication of recovery or ongoing investigation.[1][2][3][4][5][6][7]

About Unverified Smart Contract

The unverified smart contract was created on April 11th, 2025. It may be related to the Sola Token, however this is unconfirmed.

The Reality

Decompilation and analysis of the victim contract revealed that the withdrawToken() function had no access restrictions—no onlyOwner modifier or require() checks—allowing any external address to call it and withdraw arbitrary tokens. This fundamental lack of access control made the function publicly callable, enabling the attacker to drain tokens without authorization. This poor design choice was confirmed via code decompilation, which showed no permission gating logic within the function.

What Happened

An unverified contract possibly linked to the Sola Token was exploited for $28.1k due to a lack of access control on its withdrawToken() function, enabling a repeat attacker to execute a flash swap and drain funds without authorization.

Key Event Timeline - Sola Unverified Contract withdrawToken Lacking Access Control
Date Event Description
April 10th, 2025 11:13:11 PM MDT Unverified Smart Contract Created The unverified smart contract is created on the Binance Smart Chain.
April 12th, 2025 3:19:11 AM MDT Smart Contract Attack Transaction The unverified smart contract attack is accepted as a valid transaction by the Binance Smart Chain.
April 12th, 2025 6:58:00 AM MDT TenArmor Posts Attack Overview TenArmor posts an overview of the mechanism behind the attack.

Technical Details

The smart contract reportedly allowed anyone to transfer tokens from it due to a lack of access control on the withdrawToken function.

On April 12, 2025, an unverified smart contract at address 0x623c was exploited due to a critical lack of access control, resulting in a loss of approximately $28,000.

The attacker initiated the exploit by sending 0.4 BNB to their own malicious contract at 0xD306.... They then assessed the Sola Token balance in the victim contract and calculated how much USDT could be obtained by swapping it. Utilizing the swap() function from PancakePair 0xdf9, the attacker initiated a flash swap, receiving 23,235 USDT upfront for 2,143,036 SOLA—before the SOLA was actually transferred to the liquidity pool.

To complete the swap and repay the protocol, the attacker then called the withdrawToken() function from the victim contract (0x623c...), which transferred the owed SOLA tokens to the swap pair. This allowed the swap to be finalized successfully without the attacker ever owning the SOLA tokens beforehand. The attacker repeated this process with another Sola token (0xef7), extracting 8.92 WBNB in a similar manner.

Contract Address: 0x623c1c6693e1425a7E691a0FF5C256Cb276522CA

This attack was part of a broader pattern by a repeat offender who had previously targeted Gemcy, OPC, and AIRWA, stealing around $181,000. A subsequent fifth exploit occurred on April 23, 2025, against ACB. The April 12 exploit targeted the Sola Token and used a malicious contract to abuse a vulnerable withdrawal function.

Total Amount Lost

TenArmor reports that the loss is approximately $28.1k.

The total amount lost has been estimated at $28,000 USD.

Immediate Reactions

It's unclear if there was any reaction from the team behind this unverified smart contract.

Ultimate Outcome

The incident was reported on by TenArmor.

Total Amount Recovered

There is no indication that funds have been recovered in this case.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

It is unclear if any investigation or potential recover is ongoing.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. TenArmor - "Our system has detected a suspicious attack involving an unverified contract 0x623c1c6693e1425a7E691a0FF5C256Cb276522CA on #BSC, resulting in an approximately loss of $28.1K." - Twitter/X (Accessed Aug 6, 2025)
  2. The attack transaction happening in the Binance Smart Chain. (Accessed Aug 6, 2025)
  3. Sola Incident Analysis - CertiK (Accessed Aug 6, 2025)
  4. Week 15, 2025 - BlockThreat (Accessed Aug 6, 2025)
  5. Week 20, 2025 - BlockThreat (Accessed Aug 6, 2025)
  6. Unverified Smart Contract - BSCScan (Accessed Aug 6, 2025)
  7. Binance Transaction Hash: 0x7d61611946... | BscScan (Accessed Aug 6, 2025)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Sola_Unverified_Contract_withdrawToken_Lacking_Access_Control&oldid=6889"