YESorNO BNBChain Contract Vulnerability

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

YESorNO Logo/Homepage Updated

YESorNO is a decentralized betting application which launched in 2018. A smart contract vulnerability on a similarly-named smart contract resulted in a loss of $118k. It's unclear if this smart contract is related to the original YESorNO betting application or could be a similarly-named copycat project. The exploited smart contract had only been online for 10 minutes at the time of the exploit.[1][2][3][4][5][6][7][8][9][10][11][12]

About YESorNO

"Launched at the end of year 2018 in the gaming industry to validate its product market fit (with a free to play approach first / no money) on an industry led by historical leaders, YESorNO is now preparing its launch as a Dapp, by T2 2022, with its coin YON. From 2019 on, YESorNO has been backed by business angels thanks to a first fund raising, and nearly 5,000 from various countries have joined the project in september 2021 to participate in the development of the Dapp project. Managed by an internationally experienced team based in France, YESorNO will be a dapp that intends to offer a new user experience in the betting industry (playing money now), where traditional operators usually enable their members to place their bets only on the plateform content, and majorly on sports. YESorNO will enable its members to play with its coin YON, on the bets created by the community, on any kind of topic. To learn more about the history and the forecasts of the project, please take a look at our website and white paper"

"YESorNO was founded by Gilles Feingold, who was the founder of several innovative projects for 25 years now. One of the main co-founders/associates, Pierre Klein, was a manager of Betclic (european leader in the betting industry). The rest of the team is composed of experts in the blockchain (both on technical and marketing aspects) and legal betting area."

"YESorNO is a dapp that enables its users to create bets by themselves (instead of the traditional industry approach where you may only bet on the bets of the operators). Moreover, while you usually bet on sports and for example on the name of teams and on very formatted bets for example, on YESorNO, the players will have the possibility to bet only by using YES or NO choices, and on 2 “proprietary” formats of betting : a 60 characters maximum sentence or a video. This new kind of approach of betting on our alpha app has generated 30 millions bets with its community of 100,000 ‘test players” from may 2019 to september 2021. From that starting point, the platform is organized to give a special place to the members, and not only reward those who win on a bet. The participants and those who create some value for the app and its members (by sharing the content, by participating to the consensus at the end of the bet to get the final result, or just by holding their tokens), will be rewarded with YON for that. More generally, those who contribute to the life and value of the app, will take advantage of being part of the project. A part of the tokenomics is representative of this vision and the distribution of some of the coins. The revenue generated by the advertising on the app will be dispatched between the platform and its members, and a certain number of coins will also be distributed each month to reward the community through a dedicated community fund, on the same kind of principle than Bitcoin that is remunerating people who help the network. YESorNO, as one of the first movers in the betting industry on the blockchain, will try, thanks to its vision and original approach, to take the leadership of a 150 billion dollars worldwide market."

"There is a maximum supply of 9 billion YON — but at the fisrt listing, there will be a circulating supply of about 1 billion. Three rounds of public sales of YESorNO tokens were held between Juily 2021 and September 2021. YESorNO price during its pre-launch sale was $0.003."

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - YESorNO BNBChain Contract Vulnerability
Date Event Description
December 31st, 2023 7:12:43 PM MST YESorNO Site Online The YESorNO website is last captured as being online.
March 19th, 2024 6:41:41 PM MDT New YESorNO Site The YESorNO website starts displaying a notice about a new website which is being constructed.
May 22nd, 2024 3:13:30 AM MDT Contract Creation The YESorNO smart contract is first created.
May 22nd, 2024 3:23:30 AM MDT Blockchain Transaction The smart contract is exploited on the blockchain.

Technical Details

"YON on BNBChain was exploited and lost 190 BNB (~$118K) as a result. The vulnerability in the transferFrom function of the target contract (YON) allowed the attacking contract to directly transfer YON to the LP contract."

Total Amount Lost

The total amount lost has been estimated at $118,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist Hacked - SlowMist Zone (Jun 10, 2024)
  2. https://web.archive.org/web/20240528162707/https://bscscan.com/tx/0x5b3ffec387b5e77b3fc1c6423ea2cbc47b2a8dacd74eb9f20bdfd852f5c28215 (Jun 10, 2024)
  3. https://coinmooner.com/coin/yesorno-yon (Jun 10, 2024)
  4. YESorNO (Jun 10, 2024)
  5. https://web.archive.org/web/20240101021243/https://yesorno.bet/ (Jun 10, 2024)
  6. https://web.archive.org/web/20240320004141/https://yesorno.bet/ (Jun 10, 2024)
  7. https://web.archive.org/web/20240320004143/https://yesorno.bet/ (Jun 10, 2024)
  8. YESorNO price today, YON to USD live price, marketcap and chart | CoinMarketCap (Jun 10, 2024)
  9. BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Jun 10, 2024)
  10. $0.0009 | YES||NO (YON) Token Tracker | BscScan (Jun 10, 2024)
  11. YESorNO (YON) Token Tracker | BscScan (Jun 10, 2024)
  12. BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Jun 10, 2024)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=YESorNO_BNBChain_Contract_Vulnerability&oldid=6018"