This is a demo that replays the GymNetwork exploit that happened on Apr-09-2022:
https://bscscan.com/tx/0xa5b0246f2f8d238bb56c0ddb500b04bbe0c30db650e06a41e00b6a0fff11a7e5
npm install
npx hardhat run scripts/execute.js
Trace the transaction with blocksecteam - https://versatile.blocksecteam.com/tx/bsc/0xa5b0246f2f8d238bb56c0ddb500b04bbe0c30db650e06a41e00b6a0fff11a7e5
The exploiter took the following steps to make a profit:
- flash loan 2400 BNB from BNB-BUSD pancake pair
- swap 600 WBNB for 5,942,069 GYM
- add 46,106 liquidity with 1730 WBNB and 1,400,000 GYM
- call `LiquidityMigrationV2` to migrate from WBNB-GYM pair to WBNB-GymNetwork pair
- remove the WBNB-GymNetwork liquidity and receive 1730 WBNB and 1,166,737 GymNetwork token
- swap the remaining 4,542,069 GYM for 585 WBNB
- swap 1,166,737 GymNetwork token for 1367 BNB
- return 2425 WBNB for flash loan
- take profit of 1327 BNB
There are several reasons that make this exploit possible.
- WBNB-GYM has low liquidity, and a single swap with 600 WBNB will lift the price of GYM a lot.
- The `LiquidityMigrationV2` contract has a large amount of remaining GymNetwork token for migration, which allows the exploiter to exchange their GYM for GymNetwork at a 1.2 to 1 ratio, while the actual price of the GymNetwork token is nearly 150 times that of GYM at the time of the exploit.
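Both conditions can be checked before a migration is honored. The following JavaScript is an added example, not part of this repository or of the GymNetwork contracts: it models the price impact of a 600 WBNB swap on a thin constant-product pool and a hypothetical guard (`checkMigration`) that rejects the migration when the spot price or the fixed conversion rate is out of line. The pool reserves and the 5% tolerance are constructed values; the 0.25% fee is the PancakeSwap v2 swap fee.

```javascript
// Added illustration, not code from this repository. Pool reserves are
// constructed sample values in whole tokens; only the 600 WBNB swap size, the
// 1.2:1 migration rate and the ~150x price gap come from the write-up above.
const BPS = 10000n;

// Constant-product output with a 0.25% fee (PancakeSwap v2 style pair).
function getAmountOut(amountIn, reserveIn, reserveOut) {
  const inWithFee = amountIn * 9975n;
  return (inWithFee * reserveOut) / (reserveIn * BPS + inWithFee);
}

// Deviation of ratio a (num/den) from ratio b, in basis points of b.
function ratioDeviationBps(a, b) {
  const diff = a.num * b.den - b.num * a.den;
  return ((diff < 0n ? -diff : diff) * BPS) / (b.num * a.den);
}

// Hypothetical pre-migration guard: refuse when the pair's spot price has moved
// away from a reference price (e.g. a TWAP), or when the fixed conversion rate
// no longer matches the market rate between the two tokens.
function checkMigration({ spot, reference, fixedRate, marketRate }, maxBps) {
  const reasons = [];
  if (ratioDeviationBps(spot, reference) > maxBps) reasons.push("spot-vs-reference");
  if (ratioDeviationBps(fixedRate, marketRate) > maxBps) reasons.push("fixed-vs-market");
  return { ok: reasons.length === 0, reasons };
}

// Constructed thin pool: 50 WBNB against 6,000,000 GYM.
const before = { wbnb: 50n, gym: 6000000n };
const gymOut = getAmountOut(600n, before.wbnb, before.gym);
const after = { wbnb: before.wbnb + 600n, gym: before.gym - gymOut };

const verdict = checkMigration({
  spot: { num: after.gym, den: after.wbnb },        // GYM per WBNB after the swap
  reference: { num: before.gym, den: before.wbnb }, // GYM per WBNB before the swap
  fixedRate: { num: 12n, den: 10n },                // GYM per GymNetwork in the migration
  marketRate: { num: 150n, den: 1n },               // GYM per GymNetwork on the market
}, 500n);                                           // 5% tolerance (assumed)

console.log({ gymOut, after, verdict });
```

With these constructed reserves the single swap moves the spot price by more than 99% from the reference, and the fixed rate is off the market rate by a similar margin, so the guard reports both reasons.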
This codebase is for demonstration purposes only