BT.Finance Exploit analysis report

  • Deposits from contract addresses are not allowed
  • No withdrawals within one minute
  • 0.5% withdrawal fee within 24 hours

1. Bypassed the contract-address deposit restriction

2. Broke through the no-withdrawals-within-one-minute rule

3. The 0.5% withdrawal fee within 24 hours played an important role.

We had set a 24-hour handling fee of 0.5%. Thus, the exploiter(s) left nearly 10% in withdrawal service fees. It is therefore advised to increase the 24-hour withdrawal fee to 10%.
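As an added illustration (this is not BT.Finance's code; the contract name, storage layout and parameters are assumptions), a minimal vault that implements the three controls listed above, with the early-withdrawal fee as a basis-point parameter so it can be set to the 0.5% the report describes or the 10% it advises:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal single-asset vault showing the three controls named in the report.
/// Illustrative only; names and structure are assumptions, not BT.Finance code.
contract TimedFeeVault {
    uint256 public constant LOCK_PERIOD = 1 minutes; // no withdrawals within one minute
    uint256 public constant FEE_WINDOW  = 24 hours;  // fee applies within 24 hours
    uint256 public constant BPS         = 10_000;
    uint256 public earlyWithdrawFeeBps;              // 50 = 0.5% (report); 1000 = 10% (advised)
    address public feeRecipient;

    // Balances are deliberately non-transferable here; if a vault issues transferable
    // share tokens, the lock must also apply to share transfers.
    mapping(address => uint256) public balance;
    mapping(address => uint256) public lastDeposit;

    constructor(uint256 feeBps, address recipient) {
        require(feeBps <= BPS, "fee > 100%");
        earlyWithdrawFeeBps = feeBps;
        feeRecipient = recipient;
    }

    function deposit() external payable {
        // Control 1: reject deposits from contract addresses.
        // Caveat: address.code.length is 0 while a contract's constructor is running,
        // so this is not a reliable contract/EOA distinction and must not be the only control.
        require(msg.sender.code.length == 0, "contract deposit not allowed");
        require(msg.value > 0, "zero deposit");
        balance[msg.sender] += msg.value;
        lastDeposit[msg.sender] = block.timestamp; // every deposit restarts both timers
    }

    function withdraw(uint256 amount) external {
        require(amount > 0 && amount <= balance[msg.sender], "bad amount");
        uint256 sinceDeposit = block.timestamp - lastDeposit[msg.sender];
        // Control 2: no withdrawals within one minute of the last deposit.
        require(sinceDeposit >= LOCK_PERIOD, "withdrawal locked");
        // Control 3: fee on withdrawals within 24 hours of the last deposit.
        uint256 fee = sinceDeposit < FEE_WINDOW ? (amount * earlyWithdrawFeeBps) / BPS : 0;
        balance[msg.sender] -= amount; // state updated before any external call
        if (fee > 0) {
            (bool okFee, ) = feeRecipient.call{value: fee}("");
            require(okFee, "fee transfer failed");
        }
        (bool ok, ) = msg.sender.call{value: amount - fee}("");
        require(ok, "transfer failed");
    }
}
```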

Summary:

Round 1 Hack Gain: 62,000 ETH -> 62086.25066419326 ETH
