{"content":{"title":"BRA incident vulnerability analysis","body":"# 1.\tVulnerability overview\r\nhttps://twitter.com/BlockSecTeam/status/1612701106982862849\r\n\r\n![1.png](https://img.learnblockchain.cn/attachments/2023/01/UNWuoWhE63c2c354bb26f.png)\r\n# 2.\tRelated addresses and transactions\r\nAttack transaction:\r\nhttps://phalcon.blocksec.com/tx/bsc/0x6759db55a4edec4f6bedb5691fc42cf024be3a1a534ddcc7edd471ef205d4047\r\nAttacker contract: 0x1fae46b350c4a5f5c397dbf25ad042d3b9a5cb07\r\nAttacker account: 0x67a909f2953fb1138bea4b60894b51291d2d0795\r\nVictim contract: BRA 0x449fea37d339a11efe1b181e5d5462464bba3752\r\n\r\n# 3.\tProfit analysis\r\n\r\n![2.png](https://img.learnblockchain.cn/attachments/2023/01/2yViD0nE63c2c37871451.png)\r\n# 4.\tAttack process & root cause\r\nTracing the attack transaction shows that after the attacker first transfers 10539350743918941916677 units of BRA to the pool and calls skim, the BRA balance of the 0x8f4b-Cake-LP pool grows step by step:\r\n\r\n![3.png](https://img.learnblockchain.cn/attachments/2023/01/r8zSPvo463c2c39135464.png)\r\nInspecting the transfer function of the BRA contract shows that when the function's sender and recipient are both uniswapV2Pair and isAllow and isAllowSell are both false, a tax fee is credited out of nothing, and that fee ultimately flows into uniswapV2Pair, so the BRA token supply is inflated:\r\n\r\n![4.png](https://img.learnblockchain.cn/attachments/2023/01/SXJ8qFf863c2c3a34049b.png)\r\n\r\n![5.png](https://img.learnblockchain.cn/attachments/2023/01/moQF6pZP63c2c3b418eb0.png)\r\nThe attacker swaps the inflated tokens for BSC-USD, repays the flash loan, and exits:\r\n\r\n![6.png](https://img.learnblockchain.cn/attachments/2023/01/yTPRRGOS63c2c3c463360.png)"},"author":{"user":"https://learnblockchain.cn/people/10579","address":null},"history":null,"timestamp":1673708512,"version":1}