On November 15, 2022, the Sheep Farm project was attacked by a hacker resulting in the loss of approximately 262 $BNB tokens worth $72,000.
Introduction to Sheep Farm
Sheep Farm is an investment blockchain game on the BNB chain.
The root cause of the attack is a vulnerability in one of the SheepFarm contract's functions, which could be called multiple times to increase the gems yield.
- The vulnerability existed in the register function of the SheepFarm contract. This function validates a user's timestamp to verify whether they are a new user, but it does not update that timestamp after the registration is completed.
- The attacker invoked this function multiple times to inflate their own gems balance.
- They then used the upgradeVillage function, which consumes gems, to accumulate yield.
- The sellVillage function of the contract was called to convert the yield to money.
- Finally, they converted the funds into $BNB tokens and withdrew them using the withdrawMoney function.
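The following Solidity contracts illustrate the defect class described above: a registration guard that reads state it never writes, placed next to a corrected version. This is an added example written for this post, not the SheepFarm source; the state variables, constants and event are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical minimal reproduction of the bug class (not the SheepFarm code).
contract RegisterVulnerable {
    mapping(address => uint256) public timestamp; // 0 means "never registered"
    mapping(address => uint256) public gems;

    uint256 public constant WELCOME_GEMS = 100;

    /// Vulnerable: the "new user" check reads timestamp[msg.sender], but the
    /// function never writes it, so every call passes the check and credits
    /// WELCOME_GEMS again. Calling register() N times yields N * WELCOME_GEMS.
    function register() external {
        require(timestamp[msg.sender] == 0, "already registered");
        gems[msg.sender] += WELCOME_GEMS;
        // missing: timestamp[msg.sender] = block.timestamp;
    }
}

/// Corrected version: the state the guard depends on is updated in the same
/// call, before any value is credited, so a second call from the same
/// address reverts.
contract RegisterFixed {
    mapping(address => uint256) public timestamp;
    mapping(address => uint256) public gems;

    uint256 public constant WELCOME_GEMS = 100;

    event Registered(address indexed user, uint256 at);

    function register() external {
        require(timestamp[msg.sender] == 0, "already registered");
        timestamp[msg.sender] = block.timestamp; // effect recorded before credit
        gems[msg.sender] += WELCOME_GEMS;
        emit Registered(msg.sender, block.timestamp);
    }

    /// View helper an auditor or monitor can use to confirm the invariant
    /// "a registered address holds at most WELCOME_GEMS from registration".
    function isRegistered(address user) external view returns (bool) {
        return timestamp[user] != 0;
    }
}
```

A unit test that calls register() twice from the same address and expects the second call to revert is the simplest regression check for this class of bug.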
Following the incident, the team put their platform into maintenance mode.
How to prevent such an attack vector
This exploit could have been prevented if proper validation techniques had been applied to ensure that every potential attack surface was fully addressed. It is essential that the project team conduct rigorous audits with multiple blockchain security firms to prevent such occurrences.
Protocol and Platform Security
Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol against known and unknown vulnerabilities that have the potential to cause catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and sense of responsibility to do so.
Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance. It has an easy and reliable on-chain claim process. This means that when incidents are confirmed by our community, resolution is fast.
Join us in our mission to cover, protect, and secure on-chain digital assets.
Official Website: https://neptunemutual.com