Exploit Analysis Decoding ULME Token Flash Loan Attack

neptunemutual · November 06, 2024

The ULME token was attacked by a hacker using a flash loan attack, resulting in a 50,646 BUSD loss.

TL;DR

On October 25, 2022, the ULME token was attacked by a hacker who allegedly gained approximately 50,646 BUSD using a flash loan.

Introduction to ULME

ULME is a token on BNB Chain (formerly Binance Smart Chain), but it has no social presence.

Vulnerability Assessment

The root cause of the vulnerability is indirect price manipulation using flash loans, made possible by a missing access-control check in the token contract.

Steps

Step 1:

The attacker initially used flash loans to borrow 1,000,000 BUSD.

Step 2:

They then swapped the borrowed BUSD for $ULME tokens on PancakeSwap.

Step 3:

The attacker must first have compiled a list of users who had approved the BUSD token to the $ULME contract.

Step 4:

The attacker called the buyMiner function of the $ULME token contract, passing in the list of users from the earlier step together with their corresponding amounts.

Step 5:

Inside that function, the attacker was able to move the BUSD tokens that those users had previously approved to the contract, since the function never checked that the caller was the owner of the funds being spent.

Step 6:

By repeating this for a large number of users, the attacker moved their BUSD into $ULME as well, thereby indirectly driving up the token's price.

Step 7:

After the price increase, they swapped the $ULME tokens back to BUSD, repaid the flash loan, and kept the remaining profit of 50,646 BUSD.
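The pattern in Steps 3 to 6 can be illustrated in Solidity. The following is an added, hypothetical sketch of the bug class, not the ULME contract's source (which this article does not reproduce); the contract names, the minerBalance mapping and the omitted swap step are assumptions. The vulnerable form lets any caller consume other users' BUSD allowances; the hardened form only ever spends the caller's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical illustration of the bug class: NOT the ULME contract's source.
contract VulnerableMiner {
    IERC20 public immutable busd;
    mapping(address => uint256) public minerBalance; // assumed name

    constructor(IERC20 _busd) { busd = _busd; }

    // Anyone can pass an arbitrary user list. The contract pulls BUSD that
    // those users approved to it, regardless of who is calling, so every
    // outstanding approval becomes spendable by a stranger.
    function buyMiner(address[] calldata users, uint256[] calldata amounts) external {
        require(users.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < users.length; i++) {
            require(busd.transferFrom(users[i], address(this), amounts[i]), "transfer failed");
            minerBalance[users[i]] += amounts[i];
            // The pulled BUSD would then be swapped for the project token,
            // which is the step that moved the price in the incident (omitted here).
        }
    }
}

// Hardened form: a caller can only consume the allowance they granted themselves.
contract HardenedMiner {
    IERC20 public immutable busd;
    mapping(address => uint256) public minerBalance; // assumed name

    constructor(IERC20 _busd) { busd = _busd; }

    function buyMiner(uint256 amount) external {
        require(amount > 0, "zero amount");
        // msg.sender is the only account whose allowance can be spent here.
        require(busd.transferFrom(msg.sender, address(this), amount), "transfer failed");
        minerBalance[msg.sender] += amount;
    }
}
```

The defensive rule it shows: transferFrom on a user-supplied address is only safe when that address is msg.sender or has otherwise authorised the specific call, because a standing ERC-20 approval to a contract is spendable by anything that contract's code allows.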

Aftermath

Following the incident, the price of the $ULME token rose to a high of 0.394 before falling to 0.08 at the time of writing.

How to Prevent Such an Attack Vector

In an indirect price manipulation attack, a trade on an AMM is used to discreetly influence the token price of a vulnerable DeFi application whose price mechanism depends on real-time on-chain state. A flash loan attack can be mitigated to a greater extent by imposing a limit on the amount that can be borrowed in a single flash loan transaction, or by using oracle-based services such as Chainlink, amongst many other precautions.
