Beosin: Analysis of the Sashimi Swap Flashloan

On December 30, BEOSIN’s Eagle Eye raised an alert that Sashimi Swap was hacked at 09:06 UTC, with a total loss of nearly USD 200,000. Our security technical team has conducted a brief analysis of the hacking process.

#1 Overview

SashimiSwap is a decentralized trading protocol for multi-chain deployments based on AMM and swap pools. It has an embedded investment platform designed to increase the revenue of liquidity providers and it is deployed on three chains simultaneously: Ethereum, HECO and BSC. SashimiSwap executes automated trading strategies using funds from the platform’s liquidity pool.

#2 Detailed Analysis

Transaction Hash: 0xd6a816cc291b24267c03c23c730a84a2699f32a7cf714c8cbe3e47321c76b08f

Hacker Address: 0xa8189407A37001260975b9dA61a81c3Bd9F55908

Attack Contract: 0x2ccc076d1de2d88209f491c679fa5bde870c384a

The hacker first borrowed 399.639 WETH through the DVM pair contract to prepare for the attack.

The hacker then created three tokens to be used in trading pairs later:

A Token Address: 0xf1b43f4e14650ac8c4bb009d9b56eb77c1ae87cd

B Token Address: 0x7a77073c1191f2d2fd31a71c758d44f3de0af831

C Token Address: 0xbacbd121f37557e5ea1d0c4bb67756867866c3fe

Liquidity was then added to each pair separately.

First, liquidity was added 1:1 with 1 “B token” and 1 “C token”.

Then liquidity was added 1:1 with 1 WETH token and 1 “C token”.

The hacker converted the WETH obtained through the flash loan into UNI and put it into the wallet, making his first profit.

The hacker then added liquidity 1:1 with 1 WETH and 1 “B token”, and 1:1 with 247 WETH tokens and 247 “A tokens”. At this point the hacker had spent 400 WETH tokens, and everything was ready for the profit step.

Immediately after, the hacker directly called the swapExactTokensForETHSupportingFeeOnTransferTokens function for profit. The hacker’s swap path was: A => WETH => B => C => WETH.

#3 Summary

By analyzing the code, we found that the swapExactTokensForETHSupportingFeeOnTransferTokens function has a serious logic vulnerability: the output amount is calculated from the WETH recorded for the first pair, amountOut = balanceBefore.sub(balanceAfter). It is therefore possible to swap the WETH in the first pair into the other pairs and make a profit.

The hacker then removed the liquidity to get WETH, repeated the profit step twice with the obtained WETH, and finally returned the WETH borrowed through the flash loan. The total profit was nearly $200,000: 6,261.304 UNI, 4,466,096 Sashimi and 63,762 USDT.
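
The accounting flaw described in this summary, as a simplified Python model added here for illustration (it is not Sashimi's or Beosin's code). It assumes one shared vault backs every pair's WETH, ignores fees, and uses a constructed input of 247 A tokens; it compares a payout computed on the first WETH pair with a payout taken from the final hop and reports the resulting vault shortfall.

```python
from fractions import Fraction as F

WETH = "WETH"
PATH = ["A", WETH, "B", "C", WETH]      # swap path reported in the write-up

def make_pools():
    # Recorded reserves per pair, using the 1:1 amounts from the write-up.
    return {
        ("A", WETH): {"A": F(247), WETH: F(247)},
        (WETH, "B"): {WETH: F(1), "B": F(1)},
        ("B", "C"): {"B": F(1), "C": F(1)},
        ("C", WETH): {"C": F(1), WETH: F(1)},
    }

def recorded_weth(pools):
    # Total WETH that the pairs' books say liquidity providers can withdraw.
    return sum(r[WETH] for r in pools.values() if WETH in r)

def swap_path(pools, path, amount_in):
    # Fee-free constant-product hops; only the recorded reserves change.
    amount = F(amount_in)
    for t_in, t_out in zip(path, path[1:]):
        r = pools[(t_in, t_out)]
        out = r[t_out] * amount / (r[t_in] + amount)
        r[t_in] += amount
        r[t_out] -= out
        amount = out
    return amount

def settle(amount_in, flawed):
    # Returns (WETH paid to the caller, WETH shortfall left in the shared vault).
    pools = make_pools()
    vault = recorded_weth(pools)         # assumption: one vault backs all pairs
    first = next(h for h in zip(PATH, PATH[1:]) if WETH in h)
    before = pools[first][WETH]
    real_out = swap_path(pools, PATH, amount_in)
    # Flawed: amountOut = balanceBefore.sub(balanceAfter) on the first WETH pair.
    # Hardened: pay only what the final hop actually produced.
    paid = before - pools[first][WETH] if flawed else real_out
    return paid, recorded_weth(pools) - (vault - paid)

if __name__ == "__main__":
    for flawed in (True, False):
        paid, shortfall = settle(247, flawed)   # 247 A in: constructed input
        print(f"flawed={flawed} paid={float(paid):.4f} shortfall={float(shortfall):.4f}")
```

A non-zero shortfall means the pairs' recorded WETH exceeds what the vault still holds, which is the solvency invariant a router test suite or on-chain monitor can assert after every multi-hop swap.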
