Jinse Finance | May 29, 2026 04:46
[SlowMist: ONTR Token Contract Exploit Allows Attacker to 'Mint Out of Thin Air,' Profiting Approximately $98,000 in WETH]
According to a report by Jinse Finance on May 29, SlowMist monitoring revealed an access control vulnerability in the ONTR token contract's `onlyOwner` modifier: when `owner == address(0)`, any address could pass the permission check. Before the attack, the contract's `owner` had always been the zero address.
The attacker exploited this vulnerability by calling `transferOwnership()` to set ownership to the attacker's contract, then invoked `desertJasper()` to add hidden balances to the queue, and finally called `glenFlash()` to execute `ashBud()`. This allowed the attacker to directly increase the balance of their address to 1e30 base units without increasing the `totalSupply`.
Subsequently, the attacker transferred these "minted out of thin air" tokens into a standard PancakePair and used `swap()` to exchange them for assets from the legitimate WETH liquidity pool.
By leveraging the access control vulnerability in the token contract, the attacker manipulated account balances, minted tokens without authorization, and stole WETH from a legitimate automated market maker (AMM) liquidity pool. The attack resulted in a loss of 49.4801 WETH, equivalent to approximately $98,315.16.
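The flaw described above is a fail-open ownership check: an uninitialised `owner` of `address(0)` is treated as "no restriction" instead of "nobody may pass". The Solidity below is an added illustration, not the ONTR contract's code; the exact form of the faulty condition in ONTR is not given in the report, so the `owner == address(0) || msg.sender == owner` shape in `VulnerableOwnable` is an assumed reconstruction of the behaviour, and `HardenedOwnable`, its custom errors and the `initialOwner` constructor parameter are hypothetical names chosen here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative only (assumed shape of the flaw): `owner` is never set at
/// deployment, so it stays address(0), and the modifier treats a zero owner
/// as "anyone may pass". With this contract, the first caller of
/// transferOwnership() becomes owner, which matches the sequence in the report.
contract VulnerableOwnable {
    address public owner; // storage default: address(0)

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    modifier onlyOwner() {
        // Bug: when owner == address(0) the left-hand side is true, so the
        // caller is never compared against anything and the check is bypassed.
        require(owner == address(0) || msg.sender == owner, "not owner");
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}

/// Hardened version: ownership is assigned exactly once at deployment, a zero
/// owner never grants access (fail closed), and the zero address can never be
/// reinstated as owner through transferOwnership(). Any "renounce" feature
/// would need its own explicit, separately audited path.
contract HardenedOwnable {
    address public owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error NotOwner(address caller);
    error ZeroAddress();

    constructor(address initialOwner) {
        if (initialOwner == address(0)) revert ZeroAddress();
        owner = initialOwner;
        emit OwnershipTransferred(address(0), initialOwner);
    }

    modifier onlyOwner() {
        // Reject an uninitialised owner outright, then require an exact match.
        if (owner == address(0) || msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert ZeroAddress();
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}
```

When reviewing an ownership modifier, the check to make is that every branch of the condition still names `msg.sender`: a disjunct that is satisfiable without reference to the caller (such as `owner == address(0)`) is an unauthenticated path. The hardened contract also shows the two guards that close it in practice: initialise `owner` in the constructor and refuse `address(0)` as a new owner.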