Stead Token Smart Contract Lacks Proper Access Control
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
About Stead Smart Contract
The Stead smart contract was launched on the Arbitrum blockchain on February 21st, 2024. The blockchain address for the smart contract is 0xf9ff933f51ba180a474634440a406c95dfb27596.
The Reality
The Stead smart contract had a vulnerability.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| February 21st, 2024 5:04:03 AM MST | Stead Smart Contract Created | The Stead smart contract is launched on the Arbitrum blockchain. |
| June 29th, 2025 11:46:20 AM MDT | Exploit Transaction Timestamp | The Stead smart contract is exploited on the Arbitrum blockchain. |
| June 29th, 2025 8:16:00 PM MDT | TenArmor Posts Analysis Of Exploit | TenArmor posts an analysis of the exploit on the Stead blockchain. |
Technical Details
"It seems that the 0x16fb27ce() function in the newly upgraded contract 0xf9ff lacks proper access control, allowing any to drain STEAD tokens from the contract."
Total Amount Lost
Losses are reported by TenArmor at $14.5k USD. The exploit transactions shows a gain of 135,000 STEAD tokens.
The total amount lost has been estimated at $15,000 USD.
Immediate Reactions
The incident and malicious transaction were ultimately reported on by TenArmor.
Ultimate Outcome
It does not appear that there has been any recovery.
Total Amount Recovered
There is no indication that any funds have been recovered.
There do not appear to have been any funds recovered in this case.
Ongoing Developments
It is unclear if any investigation or recovery is ongoing.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ TenArmor - "Our system has detected a suspicious attack involving #STEAD token on #Arbitrum, resulting in an approximately loss of $14.5K." - Twitter/X (Accessed Jul 25, 2025)
- ↑ Attack Transaction On Stead Token Smart Contract - Arbiscan (Accessed Jul 25, 2025)
- ↑ Exploited Stead Smart Contract Address - Arbiscan (Accessed Jul 25, 2025)
- ↑ Creation Of Exploited Stead Smart Contract - Arbiscan (Accessed Jul 25, 2025)