This is a demo to replay the Elephant Money exploit happened on Apr-12-2022
https://bscscan.com/tx/0xec317deb2f3efdc1dbf7ed5d3902cdf2c33ae512151646383a8cf8cbcd3d4577
npm install
npx hardhat run scripts/execute.jsTrace the transacition with blocksecteam - https://versatile.blocksecteam.com/tx/bsc/0xec317deb2f3efdc1dbf7ed5d3902cdf2c33ae512151646383a8cf8cbcd3d4577
The following steps were executed
- flash loan 130162 WBNB from USDT-WBNB pair
- flash loan 1000 WBNB from CAKE-WBNB pair
- flash loan 91,035,000 BUSD from USDT-BUSD pair
- swap 131,162 WBNB to roughly 34,244,200,239,512 Elephant
- mint 90,124,650 Trunk with 91,035,000 BUSD
- swap 34,244,200,239,512 Elephant to 163,782 WBNB
- swap 45,000 Truck to 44,156 BUSD
- redeem 90,079,650 Truck, which convert to 66,884,140.125 BUSD and 64,450,397,440,228 Elephant
- swap 64,450,397,440,228 for 36987 WBNB
- (Repeat the cycle from step 4-9)
- swap 52,998 BNB for 24,106,703 BUSD
- swap 79,013 BNB for 68,093,973,678,035 Elephant
- mint 43,999,691.67 TRUNK with 44,444,133 BUSD
- swap 68,093,973,678,035 elephant for 96,715 BNB
- redeem 43,999,691 TRUNK to 32,669,771 BUSD and 140,806,533,635,790 Elephant
- swap 140,806,533,635 for 21,701 BNB
- swap to 12,002,859 BUSD with 28,268 BNB
- return 91,263,497.85 BUSD to USDT-BUSD pair
- return 1,002.51 BNB to CAKE-WBNB pair
- return 130,488.70662 BNB to USDT-WBNB pair
There are several reasons that make this exploit possible.
- This is a typical price manipulatio exploit, the exploiter buy 131,162 BNB worth of Elephant and mint Trunk with more than 91M USD, in which internally 25% of 91M bought Elephants one of TRUNK backed token, this push up the price of Elephant further up and allow the exploiter to swap their Elephant for 163,782, making a profit of more than 30000 BNB compared with the initial buy of 131,162 BNB.
- the redeem process also give the exploiter an opportunity to redeem TRUNK to a nearly 90% value of backed assets including 75% of BUSD and 25% of Elephant.
This codebase is for demonstration purposes only