APRIL 2021




"Knights of the Round Table DeFi - A new approach to DeFi with Integrity and Honor."


"Farming is the top utilized DeFi feature in the DeFi landscape right now. Most projects on the Binance Smart Chain (BSC) network offer Liquidity Provision (LP) farming and staking already integrated into their network. Knights DeFi brings about a fun and thrilling aspect to yield farming away from the norm we’ve been long associated with." ‍ "The platform uses the “Battlefield” for farming, a unique staking pool concept. Instead of constantly minting new tokens like what is obtained in existing DeFi protocols, the platforms distribute tokens that are already harvested from other transactions. This allows yields to sustain even after the protocol's initial liquidity rewards are exhausted."


"Knights DeFi is setting a new standard for DeFi on Binance Smart Chain. We believe through community, honor, and integrity we can make a difference to how others approach DeFi in the future."


"What we want: Equitability for both heavy investors and casual investors. Engaged and pleasant community. Increased utility and value of all tokens. Heavy user engagement in ecosystem daily, longevity. Stay true to our mission of having integrity and honor, transparency."


"What we want don’t want: Pump and Dumps / Cash Grabs / Ponzi. Rug pulls. Toxic community. Fear, Uncertainty, Doubt Exploitation. Tokens are used in the ecosystem to build armies and fight in wars!"


Knights Defi depended on the same lottery contract code as PancakeSwap. "Whitehat Juno submitted a critical vulnerability in PancakeSwap’s lottery contract on April 27." (Status of contract in Knights Defi.)


"Due to insufficient validation, a malicious user could have claimed the same winning ticket at least 255 times in a single transaction, meaning the reward size was 255 times too great. A total of $700,000 in funds could have been lost, had the vulnerability been exploited."


"An analysis of this code block reveals that if a ticket is submitted to multiClaim multiple times (that is, the _tickets[] aren’t all unique), the duplicate ticket will be able to be redeemed multiple times. This happens because Lottery.sol checks that the ticket hasn’t been claimed, and it checks all the tickets before marking any of them as claimed. Additionally, LotteryNFT.sol multiClaimReward doesn’t require that the ticket being claimed hasn’t already been marked as claimed."


"None of the checks account for the possibility that a malicious user would pass the same ticket multiple times. The result is that the total reward is a function of the reward itself multiplied by the number of times the ticket is claimed."


"Step 1: Buy a lottery ticket. Step 2: Win the lottery. The lottery works by allowing you to pick a number between 1 and 14, and you pick four numbers. There are prizes available for matching at least two of the numbers together. If you match four numbers together, you win the grand prize. However, the exploit does not depend on winning the grand prize. The exploit depends on winning at least some amount of money, which is not difficult. Step 3: Submit the malicious transaction, which calls multiClaim(), and pass the winning ticket 255 times, where each ticket is the ID of the NFT lottery ticket. There’s no validation that a user is claiming the same ticket, so that user can effectively claim the same ticket an unlimited number of tickets — with the only limit being the blocksize of the transaction."


"PancakeSwap fixed [the] logic bug after it was responsibly disclosed by Juno." "Immunefi began the process of disclosure assistance, contacting every project on Binance Smart Chain that had forked PancakeSwap’s lottery contract to inform them of the vulnerability as well. ApeSwap, PantherSwap, and Knights DeFi were vulnerable. All three decided to pay a bounty to the whitehat as well."


"PancakeSwap paid $70,000 in CAKE tokens. ApeSwap paid $2,700. PantherSwap paid 10,290 PANTHER tokens. Knights DeFi paid 7,000 KNIGHT tokens. All affected projects have fixed the vulnerability."


"After Juno reported the vulnerability through Immunefi, PancakeSwap withdrew all funds out of the contract." "PantherSwap, however, kept the lottery contract active and applied a fix as suggested by Immunefi’s CTO Duncan Townsend. The fix was to rewrite the multiClaim() function." "ApeSwap shut down its lottery contract. Knights DeFi took down the contract and migrated to a new one."

The Knights Defi smart contract included a lottery. While the lottery was not actively running, the smart contract was still live and there were still some funds sitting in a smart contract hot wallet.


Due to having a bug bounty program, a white hat hacker uncovered the issue and claimed the reward. The contract funds were withdrawn.


There were no losses in this case, due to PancakeSwap's bug bounty program.


The lottery would have been more secure if the funds were in an offline multi-signature wallet. The drawing could still be run through the blockchain for process transparency.


Lotteries may also be possible with smart contract insurance.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.