SlowMist
SlowMist|May 29, 2026 03:55
🚨SlowMist TI Alert🚨 💸 Loss: 49.4801 WETH (~$98315.16) 🔍 Root Cause: An access control vulnerability exists in the `onlyOwner` modifier of the ONTR token contract. When `owner == address(0)`, any address can pass the check. Before the attack, the address's owner was always zero. The attacker exploited this vulnerability by calling `transferOwnership()` to set the attacker contract as the owner, then calling `desertJasper()` to add a hidden balance to the queue, and finally calling `glenFlash()` to execute `ashBud()`, directly increasing the address balance by `1e30` primitive units without adding `totalSupply`. The attacker then transferred the inflated tokens to a standard `PancakePair` and swapped them for real WETH using `swap()`. 📌 Attacker EOA: 0xe806b37a9f965bd9d54aadf9560c78957550b760 📌 Victim Pair: 0xd46d89f4675bc96328fbdeb443842cdb5fcd83fd 📌 Vulnerable Token Contract: 0xf074865358b0dd039beee075831f8a2ae6b1f3f3 Attack Impact: The attacker exploited an access control vulnerability in the token contract to inflate the balance, minting tokens for free and then stealing WETH from legitimate AMM liquidity pools. Powered by #SlowMist.AI(SlowMist)
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads