如何解决这个项目是如何设法骗取质押资产并将其直接提取到他们的钱包中的?
这个 DEFI 项目运行良好大约一个月,然后在 24 小时前,他们设法以某种方式将提款直接转移到他们的开发地址中。智能合约看起来正常,提现功能+参数看起来还可以。
交易示例 1(诈骗前 - 资金流向来电者地址): https://bscscan.com/tx/0xe51cc0958f66966ce2f6d9aab659a418aa949adb7b9cb82207f7041c543fa0ec
交易示例 2(骗局 - 资金流向 devaddress): https://bscscan.com/tx/0x19d62e850b39dd45bf101b536ab01797f79854c8914966b5856ac7804da4a8e9
那么他们是如何做到这一点的?
// Withdraw LP tokens from MasterChef.
function withdraw(uint256 _pid,uint256 _amount) public {
PoolInfo storage pool = poolInfo[_pid];
UserInfo storage user = userInfo[_pid][msg.sender];
require(user.amount >= _amount,"withdraw: not good");
updatePool(_pid);
uint256 pending = user.amount.mul(pool.accSushiPerShare).div(1e12).sub(user.rewardDebt);
if(pending > 0) {
safeSushiTransfer(msg.sender,pending);
}
if(_amount > 0) {
user.amount = user.amount.sub(_amount);
// pid0 token,pid1 pair 0% fee,other token 5% fee
uint256 buybackAmount = _amount.mul(50).div(1000);
// transfer to treasury contract and buyback token.
if (_pid > 1 && buybackAmount > 0) {
pool.lpToken.safeTransfer(devaddr,buybackAmount);
_amount = _amount.sub(buybackAmount);
}
pool.lpToken.safeTransfer(address(msg.sender),_amount);
}
user.rewardDebt = user.amount.mul(pool.accSushiPerShare).div(1e12);
emit Withdraw(msg.sender,_pid,_amount);
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
