Overview

The Ramses Exchange on Arbitrum experienced a hack due to a vulnerability in its reward calculation mechanism, which allowed an attacker to claim rewards multiple times.

• Tx Attack: https://basescan.org/tx/0x6ab5b7b51f780e8c6c5ddaf65e9badb868811a95c1fd64e86435283074d3149e

• Attacker: https://basescan.org/address/0x81d5187c8346073b648f2d44b9e269509513aae2

Root cause

The core issue lay in the mismanagement of reward calculations, particularly with the "tokenTotalSupplyByPeriod" and "veWithdrawnTokenAmountByPeriod" values. By exploiting the ability to use different token IDs, the hacker managed to drain rewards across multiple pools.

While the "veWithdrawnTokenAmountByPeriod" value increases to track payouts, it fails to account for new token IDs. This oversight lets users repeatedly claim rewards by switching to different token IDs, effectively bypassing the reward tracking system and enabling multiple reward claims.

Aftermath

The incident highlights the importance of secure reward mechanisms and careful handling of token IDs to prevent such attacks. Furthermore, the incident has prompted discussions about the need for more rigorous auditing processes and greater transparency in smart contract development.