Ever make a stupid mistake at work and have it blow up in your face? Well this should make you feel better.
A Binance Smart Chain (BSC) DeFi project called Uranium Finance was hacked on 28 April 2021 for the second time in a month. Estimates for the second hack place the losses at $57 million. Not a bad payday for the attacker.
This chart from DappRadar shows the results:
So what was the stupid mistake? Well, when Uranium updated their software they changed some of the hard-coded amounts in the functions that run the math on token exchanges.
Here's the updated code versus the previous version:
Updated:
Previous:
Source: Rekt.News
They changed the "1000" amount in the first two lines to "10000" but forgot to change the third. WHOOPSIE!
But was it a mistake? They were due to fix this bug on the day of the attack... possible rug pull? Inside job? That's all speculation at this point, but it's worth mentioning that the protocol was unaudited.
Rekt.News did a better write up than this on what happened, so check them out and give them some love. They are a great source for information on DeFi hacks.
If you want to take a dive into a technical breakdown of the first hack, you can read through this write-up by Certik.