MSCST Smart Contract Hit by $130,000 Flash Loan Attack on BSC

BlockSec Phalcon identified a missing access control flaw in releaseReward(), enabling GPC token price manipulation on PancakeSwap and causing $130,000 in losses.

CAKE

76d ago

Summary

BlockSec Phalcon detected a flash loan attack on Dec. 29 against the MSCST smart contract on Binance Smart Chain, resulting in approximately $130,000 in losses. The exploit stemmed from missing access control in the releaseReward() function, which allowed attackers to manipulate GPC token prices in a PancakeSwap liquidity pool. The vulnerability facilitated execution of the exploit within a single transaction, leading to rapid asset drainage.

Terms & Concepts

Flash Loan Attack: A rapid, unsecured cryptocurrency loan used within a single transaction, often exploited to manipulate markets or protocols.
Smart Contract: Self-executing blockchain code that automatically enforces rules and transactions without intermediaries.
PancakeSwap: A decentralized exchange (DEX) on Binance Smart Chain for swapping tokens using automated liquidity pools.