LIFE Protocol is a digital asset that increases in value with every transaction, leveraging algorithmic pricing and a strong community network to drive sustainable financial growth.

Recently, it suffered a hack resulting in losses exceeding $51,000. Initial investigations indicate it was a price manipulation attack.

Overview

• Attacker address: WebKey DAO Exploiter

• Attacker’s contract: 0xf6cee497dfe95a04faa26f3138f9244a4d92f942

• Vulnerable contract: LifeProtocolContract

Analysis

Since the attack was carried out through multiple similar transactions, we will analyze just one of them. Let’s examine transaction 0x487fb71e3d2574e747c67a45971ec3966d275d0069d4f9da6d43901401f8f3c0.

At first glance, the transaction appears straightforward: the attacker executed a flash loan, purchased tokens, and then sold them for profit.

Upon closer inspection, the token’s purchase price steadily increases with each successive buy operation. However, the selling price remains constant throughout. This suggests a flaw in the pricing mechanism during token sales.

Reviewing the LifeProtocolContract code reveals that the sell() function appears to omit a call to handleRatio(), which is responsible for updating the token price after a sale. This oversight allowed the attacker to sell tokens at an inflated price, making it the root cause of the exploit.

Conclusion

This incident highlights how even a single overlooked line of code can lead to serious financial losses. In LIFE Protocol’s case, the failure to update token pricing in the sell() function introduced a critical vulnerability that was exploited for profit. This serves as a powerful reminder that, in decentralized finance, small mistakes can have dramatic consequences. Users should always trade on trusted, thoroughly audited platforms - because in DeFi, security isn’t optional, it’s essential.