{"content":{"title":"UFDao 漏洞分析","body":"# 1.\t漏洞简介\r\nhttps://twitter.com/BlockSecTeam/status/1613507804412940289\r\n\r\n![1.png](https://img.learnblockchain.cn/attachments/2023/01/eobA4bA863c267b4a1cb2.png)\r\n# 2.\t相关地址或交易\r\n攻击交易：\r\nhttps://bscscan.com/tx/0x933d19d7d822e84e34ca47ac733226367fbee0d9c0c89d88d431c4f99629d77a\r\n攻击合约：0x1bbed50a248cfd2ce498e2219c92f86ad657e7ac\r\n攻击账号：0xc578d755cd56255d3ff6e92e1b6371ba945e3984\r\n被攻击合约：0xCA49EcF7e7bb9bBc9D1d295384663F6BA5c0e366\r\n# 3.\t获利分析\r\n\r\n![2.png](https://img.learnblockchain.cn/attachments/2023/01/wGAEvthr63c267d76b477.png)\r\n# 4.\t攻击过程&漏洞原因\r\n查看攻击过程，发现攻击者通过111622391174831097929单位的USDC就获取了84937901105459450533735单位的USDC：\r\n\r\n![3.png](https://img.learnblockchain.cn/attachments/2023/01/a601KEJu63c267fa7a2f4.png)\r\n查看UTF合约的burn函数，发现函数将根据lp比率返回USDC数量：\r\nuint256 _share = (1e18 * _amount) / (totalSupply());\r\n\r\n![4.png](https://img.learnblockchain.cn/attachments/2023/01/v72uSRXm63c2680c243b5.png)\r\n从攻击记录看该攻击者的比例为94.25%，只需几次重复攻击即可耗尽资金池：\r\n\r\n![5.png](https://img.learnblockchain.cn/attachments/2023/01/OlDuOCsq63c26822958ca.png)\r\n那为什么攻击者可获得如此高的lp比例呢？查看合约信息，发现rate的值为1000000000000000000 ，参考代码实现，发现攻击者可以按照1：1的比率获得lp代币，即只需极少量USDC即可获得大量的lp代币：\r\n\r\n![6.png](https://img.learnblockchain.cn/attachments/2023/01/PxUwXXbw63c268358752f.png)\r\n\r\n![7.png](https://img.learnblockchain.cn/attachments/2023/01/zHXPSJxQ63c2683e5252b.png)"},"author":{"user":"https://learnblockchain.cn/people/10579","address":null},"history":null,"timestamp":1673685114,"version":1}