{"content":{"title":"BSCAnt3 事件 漏洞分析","body":"# 1.\t漏洞简介\r\nhttps://twitter.com/BlockSecTeam/status/1620074873795264512\r\n\r\n![1.png](https://img.learnblockchain.cn/attachments/2023/01/vVstkPtq63d887099c7ed.png)\r\n# 2.\t相关地址或交易\r\n攻击交易：\r\nhttps://bscscan.com/tx/0x7360f073c246db7f28a65ace03045736f4b06d26ce9ea618b88491b991efd1ad\r\n攻击合约：0x558af3ea4d08726221a7612c0ab32f5c94bfcc2b\r\n攻击账号：0xff9ab8e7895ecf05ee6a18f0c0c067eb73a58e65\r\n被攻击合约：BSCAnt3  0x906e0becf3ffac20d248922f1cf27d54455fecc2\r\n# 3.\t获利分析\r\n\r\n![2.png](https://img.learnblockchain.cn/attachments/2023/01/pfgo9GVS63d88746ea7db.png)\r\n# 4.\t攻击过程&漏洞原因\r\n查看攻击交易过程，发现攻击者调用了合约0x3f04-BSCAnt3的burn方法，销毁了池子中8920743207549780 个BSCAnt3代币，这必将引起池子中的价格失衡。\r\n\r\n![3.png](https://img.learnblockchain.cn/attachments/2023/01/wMBNLodb63d8876dbfb64.png)\r\n这是一个可升级合约，查看逻辑合约代码，发现burn函数的可见性为public，无其它权限控制，这将导致所有人均可调用该方法销毁任意账号的任意数量代币。\r\n\r\n![4.png](https://img.learnblockchain.cn/attachments/2023/01/XPMcWa1Y63d887856f753.png)\r\n\r\n![7.png](https://img.learnblockchain.cn/attachments/2023/01/SwIiWviV63d887e4c2b5a.png)\r\n攻击者操纵池子价格后即可用少量BSCAnt3代币兑换处大量BNB。\r\n# 5.\t题外话\r\n查看下逻辑合约（即漏洞合约）0x906E0beCF3FfAc20d248922F1cf27d54455fecC2的创建时间：\r\n\r\n![5.png](https://img.learnblockchain.cn/attachments/2023/01/A1srhAEl63d8880bead92.png)\r\n而攻击事件发生时间为：\r\n\r\n![6.png](https://img.learnblockchain.cn/attachments/2023/01/s9SuyXxU63d88822cf133.png)\r\n也许真的有人在这么短的时间内发现了漏洞并写好了POC吧。。。。 ^_^"},"author":{"user":"https://learnblockchain.cn/people/10579","address":null},"history":null,"timestamp":1675135088,"version":1}