SlowMist|Jun 17, 2026 02:58
🚨SlowMist TI Alert🚨
💸 Loss: 111,097.596667856001191208 USDC (~$111,097.6)
🔍 Root Cause: DIP token `_transfer()` function has a missing `return` statement in the router branch (when `from` or `to` is PancakeSwap Router). This causes the same transfer to be executed twice when `skim(router)` is called on the Pancake Pair. The attacker exploited this by calling `skim(router)` to trigger double DIP transfers, then `sync()` to set the DIP reserve to an extremely low value, manipulating the AMM price to drain the pool.
📌 Attacker: 0x0d4024cd27538350a911d9b7ee90811fa4875ba3
📌 Victim Pair: 0xf7d8267d01d1104da2dd30828aa9c0e1647919ef
📌 Vulnerable Token: 0x6c60bf5db0670ae94489d3dde2c60f271625db50
Impact: The attacker drained 111,097.6 USDC from the PancakeSwap DIP/0x524c... liquidity pool by exploiting a double-transfer bug in the DIP token contract.
Powered by #SlowMist.AI(SlowMist)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink