AIZPT Token Hack Analysis
The AIZPT Token was exploited on October 5, 2024, with an estimated loss of approximately $20,000 at the time of the exploit. The root cause was an incorrect implementation of the price calculation used for token purchases.
Overview
Attacker Contract: https://bscscan.com/address/0x8408497c18882bfb61be9204cfff530f4ee18320
Vulnerable Contract: https://bscscan.com/address/0xbe779d420b7d573c08eee226b9958737b6218888
Attack Transaction: https://bscscan.com/tx/0x5e694707337cca979d18f9e45f40e81d6ca341ed342f1377f563e779a746460d
Exploit Analysis
The AIZPT Token contract allows users to buy and sell tokens directly, with a 50% fee applied when buying tokens and 50% of the tokens burned when selling.
The problem lies in the formula used for buying tokens. The contract uses the formula of the quote function from Uniswap V2. While this function is useful for understanding reserve ratios or liquidity, it is not suitable for determining actual trade prices.
With this formula, users can buy tokens at a low price and then sell them at a high price through the sell function, which employs the getAmountOut formula from Uniswap V2, and still take a profit even after being charged the 50% fee.
The attacker flash-loaned 8000 BNB and used it to buy AIZPT tokens. They then sold the tokens multiple times, earning a profit of 34.88 BNB.
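The gap between the two formulas, as an added example (a Python model, not the AIZPT contract's code): Uniswap V2's quote and getAmountOut are applied to the same buy, and a constant-product check shows which one keeps the reserves consistent. The reserves and trade size are constructed values, and the token's 50% buy fee and sell burn are left out.

```python
# Added illustration. Reserves and trade size are constructed, not on-chain data.
# The token's 50% buy fee and 50% sell burn are deliberately left out.

def quote(amount_a, reserve_a, reserve_b):
    """UniswapV2Library.quote: converts at the current reserve ratio."""
    if amount_a <= 0 or reserve_a <= 0 or reserve_b <= 0:
        raise ValueError("amount and reserves must be positive")
    return amount_a * reserve_b // reserve_a

def get_amount_out(amount_in, reserve_in, reserve_out):
    """UniswapV2Library.getAmountOut: constant-product output, 0.3% fee."""
    if amount_in <= 0 or reserve_in <= 0 or reserve_out <= 0:
        raise ValueError("amount and reserves must be positive")
    in_with_fee = amount_in * 997
    return in_with_fee * reserve_out // (reserve_in * 1000 + in_with_fee)

def buy(price_fn, bnb_in, reserve_bnb, reserve_token):
    """Price a buy with price_fn; return (tokens_out, new_bnb, new_token)."""
    tokens_out = price_fn(bnb_in, reserve_bnb, reserve_token)
    if tokens_out > reserve_token:
        raise ValueError("pricing formula pays out more than the reserve holds")
    return tokens_out, reserve_bnb + bnb_in, reserve_token - tokens_out

def k_preserved(before, after):
    """Invariant for tests: the reserve product must never shrink on a swap."""
    return after[0] * after[1] >= before[0] * before[1]

WAD = 10**18
RESERVES = (1_000 * WAD, 1_000_000 * WAD)  # constructed (BNB, token) reserves
TRADE = 500 * WAD                          # constructed buy size

def compare():
    """Return {formula name: (tokens_out, invariant_ok)} for the same buy."""
    result = {}
    for fn in (quote, get_amount_out):
        out, new_bnb, new_token = buy(fn, TRADE, *RESERVES)
        result[fn.__name__] = (out, k_preserved(RESERVES, (new_bnb, new_token)))
    return result

if __name__ == "__main__":
    for name, (out, ok) in compare().items():
        print(f"{name:15s} tokens_out={out / WAD:>12.2f} k_preserved={ok}")
```

Because quote ignores price impact, its payout grows linearly with the input and the reserve product drops after every buy; asserting k_preserved in a contract's test suite or fuzzing harness flags this class of pricing error.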
Lesson learned
Developers must thoroughly review and understand the logic of third-party contracts when integrating them with their custom logic to prevent any inconsistencies.
It is strongly recommended to conduct a security audit, whether the project is a simple ERC20 contract with some minor changes or a complex DeFi protocol with hundreds of thousands of lines of code.