Bogged Finance, Another Binance Smart Chain Protocol After PancakeBunny Hacked Using Flash Loans

So it seems troubles of Binance Smart Chain defi projects are not over yet, as today yet another BSC defi project Bogged Finance fell victim to flash loan attack, with hackers minting $3.6 million worth BOG tokens.

The attackers exploited the protocol by inflating the BOG balance via via self-transfer. Apparently there's been a bug in BOG token contract which is default deflationary in nature. It charges 5% of the amount transferred out of which 1% is burned and 4% is charged as staking fees. But the token contract implementation only charges 1% and remaining 4% is still inflated as staking profit.

The hackers took flashloans to substantially increase the stacking amount and performed self transfers repeatedly to benefit from inflated staking profits. Later, the BOG profits were dumped for $3.6M WBNB.

The BOGG token price fell from 8.25$ to 0.159$ in matter of minutes as a result of dumping.

Two days ago a similar kind of exploitation took place on PancakeBunny, when hackers managed to manipulate the price of BNB-USDT pool using flash loans and minting 7 million Bunny tokens worth $45 million.

The way Binance Smart Chains project are getting exploited, I am a bit worried about Cubdefi. Not that I don't trust capabilities of dev team but no system is fool proof and exploiters remain in constant pursuit of any vulnerabilities in the code they can exploit.