Unveiling the Flawed Logic in the Mosca Project
On January 13, 2025, the Mosca contract on Binance Smart Chain (BSC) was exploited for the second time, this time due to incorrect logic in its join and withdraw flows. The exploit resulted in a total loss of approximately $37.6k.
Key information
Attacker:
https://bscscan.com/address/0xe763da20e25103da8e6afa84b6297f87de557419
Vulnerable Contract:
https://bscscan.com/address/0xd8791f0c10b831b605c5d48959eb763b266940b9
Attack transaction:
https://bscscan.com/tx/0xf13d281d4aa95f1aca457bd17f2531581b0ce918c90905d65934c9e67f6ae0ec
Exploit Analysis
The attacker exploited a design flaw by issuing seven successive join calls and then executing the withdrawFiat function, all within a single transaction. This sequence let the attacker inflate the balance recorded for their account and withdraw funds exceeding their deposit.
Analysis of the join Function
The join function was intended to record staking deposits. However, its logic credited the caller's new balance on top of the previous balance, so each call compounded the amount already recorded. By calling join seven times in succession, the attacker artificially inflated their balance. This unconventional approach to staking yield calculation created an unintended state that could be exploited.
Analysis of the withdrawFiat Function
In the withdrawFiat function, the contract subtracts the withdrawal amount requested in the user's input from the recorded balance and then transfers that amount back to the user. This withdrawal formula does not match the accumulation logic of the join function, which enabled the attacker to withdraw more funds than were originally deposited.
Root Cause
The core issue lies in the mismatch between the accumulation mechanism in the join function and the withdrawal formula in the withdrawFiat function. Although withdrawFiat executes correctly according to its own logic, it does not account for the compounded balance generated by repeated join calls. This discrepancy, coupled with inadequate validation checks, enabled the attacker to withdraw funds significantly exceeding their deposit.
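The accounting mismatch described in the join, withdrawFiat and root-cause sections above, as an added Python model that is not the Mosca contract's code: FlawedLedger reproduces the pattern of a balance that compounds on the previous balance while withdrawals trust that balance; HardenedLedger tracks principal and yield separately and credits yield only from a reserve the protocol actually funded; solvent() is the invariant an audit or test suite should assert after every state change. The 10% per-join bonus (BONUS_BPS), the user name and the amounts are assumptions made for the model.

```python
# Added illustration (not the Mosca contract's code): a minimal ledger model
# of the join/withdraw accounting mismatch, beside a hardened version, plus the
# solvency invariant an audit test should assert. The compounding rule
# (a bonus on the prior balance at each join) is an assumption for the model.
from dataclasses import dataclass, field
from typing import Dict

BONUS_BPS = 1000  # assumed: 10% credited on the existing balance per join


class InsufficientBalance(Exception):
    """Withdrawal request exceeds the caller's recorded balance."""


@dataclass
class FlawedLedger:
    """join() credits a bonus on the previous balance that nothing funds;
    withdraw() trusts that balance, so credits can exceed tokens held."""
    balances: Dict[str, int] = field(default_factory=dict)
    pool: int = 0  # tokens the contract actually holds

    def join(self, user: str, amount: int) -> int:
        prev = self.balances.get(user, 0)
        self.pool += amount
        # Modelled defect: balance grows by a bonus on the prior balance
        self.balances[user] = prev + amount + prev * BONUS_BPS // 10_000
        return self.balances[user]

    def withdraw(self, user: str, amount: int) -> int:
        if amount > self.balances.get(user, 0):
            raise InsufficientBalance(user)
        self.balances[user] -= amount
        self.pool -= amount  # can go negative: other users' deposits leave
        return amount

    def solvent(self) -> bool:
        # Invariant a test suite should assert: credits never exceed holdings
        return sum(self.balances.values()) <= self.pool


@dataclass
class HardenedLedger:
    """Principal and yield are tracked separately, and yield is credited only
    from a reward reserve the protocol funded, so the ledger stays solvent."""
    principal: Dict[str, int] = field(default_factory=dict)
    yield_credit: Dict[str, int] = field(default_factory=dict)
    pool: int = 0
    reward_reserve: int = 0

    def fund_rewards(self, amount: int) -> None:
        self.reward_reserve += amount
        self.pool += amount

    def join(self, user: str, amount: int) -> int:
        self.pool += amount
        self.principal[user] = self.principal.get(user, 0) + amount
        # Bonus is capped by what the reserve can actually pay out
        bonus = min(self.principal[user] * BONUS_BPS // 10_000, self.reward_reserve)
        self.reward_reserve -= bonus
        self.yield_credit[user] = self.yield_credit.get(user, 0) + bonus
        return self.balance(user)

    def balance(self, user: str) -> int:
        return self.principal.get(user, 0) + self.yield_credit.get(user, 0)

    def withdraw(self, user: str, amount: int) -> int:
        if amount > self.balance(user):
            raise InsufficientBalance(user)
        # Pay out credited yield first, then principal
        from_yield = min(amount, self.yield_credit.get(user, 0))
        self.yield_credit[user] = self.yield_credit.get(user, 0) - from_yield
        self.principal[user] = self.principal.get(user, 0) - (amount - from_yield)
        self.pool -= amount
        return amount

    def solvent(self) -> bool:
        credited = sum(self.principal.values()) + sum(self.yield_credit.values())
        return credited + self.reward_reserve == self.pool


def repeated_joins(ledger, user: str, amount: int, times: int) -> int:
    """Call join() `times` times and return the resulting credited balance."""
    bal = 0
    for _ in range(times):
        bal = ledger.join(user, amount)
    return bal


if __name__ == "__main__":
    flawed = FlawedLedger()
    print("flawed balance:", repeated_joins(flawed, "alice", 100, 3),
          "pool:", flawed.pool, "solvent:", flawed.solvent())
    hardened = HardenedLedger()
    hardened.fund_rewards(15)
    print("hardened balance:", repeated_joins(hardened, "alice", 100, 3),
          "pool:", hardened.pool, "solvent:", hardened.solvent())
```

Running the script shows the flawed ledger crediting 331 against a pool of 300 after three deposits of 100, so solvent() already returns False before any withdrawal; the hardened ledger credits only the 15 units the reserve was funded with, and any withdrawal above the funded balance raises InsufficientBalance. A solvency invariant of this kind belongs in the contract's test suite and, where possible, as a require-style check on the withdraw path itself.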
Lesson learned
The Mosca contract exploit exposes a core, yet avoidable, flaw in the project's smart contract design, a vulnerability that thorough testing and security audits could have caught and resolved during development. This case underscores the need for robust test cases, formal verification, and third-party code reviews to uncover potential attack vectors before deployment. It also reinforces that smart contract security extends beyond development, demanding ongoing risk assessment and monitoring to protect blockchain ecosystems from exploitation.