QI Quadriga Initiative

Apr 2024 - FENGSHOU (NGFS) DelegateCallReserves Attack - $190k (Global)

"Shortly after the deployment of the FENGSHOU (NGFS) token, it was attacked, resulting in a loss of approximately $191,000. The vulnerability lies in a public `delegateCallReserves` function which allows the attacker to set an arbitrary address to a UniSwapV2 proxy."

"The FENGSHOU (NGFS) Token was hacked shortly after deployment. The attack was a simple 3-step process which was possible because the deployer didn't initialize the contract properly.

1. The attacker called `delegateCallReserves` which sets the uniswapV2Proxy to msg.sender."

"2. Then it was easy for the attacker to set the `_uniswapV2Library` to any address he wants and to be able to call the third critical function."

"3. The `reserveMultiSync` allowed him to sync(transfer) all of the funds from the PancakeSwap BSC-USD - NGFS pool to his address. And just like that ~$191k has been affected."

"The data of the token and the pair are no longer updated as the token is SCAM" "Very high start liquidity, it looks like a scam!"

Further Analysis

The intent behind the launch of the NGFS (FENGSHOU) token is unclear; however, it most likely wasn't to give an attacker full access to take all of the liquidity. A couple of days after the token launched on April 23rd, an exploit took advantage of a `delegateCallReserves` vulnerability, which allowed the attacker to set whatever library smart contract they wanted, including a malicious one that transferred all the liquidity to themselves.

How Could This Have Been Prevented?
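
A simplified Solidity model of the first two steps quoted above, next to a hardened variant, added here as an illustration; it is not the NGFS contract's code. The names `delegateCallReserves`, `uniswapV2Proxy` and `uniswapV2Library` come from the write-up, while `setUniswapV2Library`, the contract names and all function bodies are assumptions, and the third function (`reserveMultiSync`) is not modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative model only: names follow the write-up, bodies are assumed.

/// Pattern described in the write-up: an unguarded role setter.
contract RoleSetterVulnerable {
    address public uniswapV2Proxy;   // privileged role (assumed unset at deployment)
    address public uniswapV2Library; // second role, assignable by the proxy

    // No access control: any caller becomes the proxy.
    function delegateCallReserves() external {
        uniswapV2Proxy = msg.sender;
    }

    // Hypothetical setter name; gated only by the role that anyone can claim.
    function setUniswapV2Library(address lib) external {
        require(msg.sender == uniswapV2Proxy, "not proxy");
        uniswapV2Library = lib;
    }
}

/// Hardened: roles are fixed at deployment and changes are owner-only.
contract RoleSetterHardened {
    address public immutable owner;
    address public immutable uniswapV2Proxy; // cannot be reassigned
    address public uniswapV2Library;

    event LibraryChanged(address indexed previous, address indexed current);

    constructor(address proxy, address lib) {
        require(proxy != address(0) && lib != address(0), "zero address");
        owner = msg.sender;
        uniswapV2Proxy = proxy;
        uniswapV2Library = lib;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // No public path lets an arbitrary caller assign itself a role.
    function setUniswapV2Library(address lib) external onlyOwner {
        require(lib != address(0) && lib.code.length > 0, "not a contract");
        emit LibraryChanged(uniswapV2Library, lib);
        uniswapV2Library = lib;
    }
}
```

The `LibraryChanged` event gives monitoring a single signal to alert on whenever a privileged address changes after deployment.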



