On the eighth of September, 2022, Ragnarok Online Invasion (ROI), a cryptocurrency deployed on the Binance Smart Chain (BSC BEP-20), experienced a significant security breach.
This incident, which resulted in the theft of roughly 158 BNB, was attributed to a critical access control vulnerability in the ownership transfer function of the ROI contract.
About ‘Ragnarok Online Invasion’ (ROI)
Ragnarok Online Invasion (ROI) is a digital token designed to represent the emerging GameFi and NFT video game titled “Ragnarok Online.” Operating on the Binance Smart Chain (BSC BEP-20), ROI has gained prominence within the blockchain gaming community.
Vulnerability Analysis & Impact
The breach in question stemmed from a relatively straightforward access control issue. Specifically, the contract lacked essential access controls such as the “OnlyOwner” modifier or “onlyAdmin” restrictions to safeguard against malicious actors accessing the transferOwnership function. A portion of the vulnerable code is presented below:
Token Contract: 0xE48b75dc1b131fd3A8364b0580f76eFD04cF6e9c
Hacker Address: 0x91b7F203ED71C5eCCF83b40563e409D2F3531114
The attacker initiated the breach by invoking the OwnershipTransferred function, effortlessly transferring ownership of the contract to the address “0x158af3d23d96e3104bcc65b76d1a6f53d0f74ed0.”
- The attacker executed a sequence of transactions
- Exchanged ROI tokens for BUSD tokens
- Converted BUSD tokens into BNB tokens
Finally, the attacker invoked the withdrawal function successfully, resulting in the withdrawal of roughly 162.5 BNB, equivalent to roughly $47,384.
Hacker’s Wallet for Transferring Stolen Funds
Compromised ROI token contract
The Aftermath of the Exploit
Following the security breach, the ROI token’s value plummeted by nearly 99%.
This security incident underscores the importance of implementing robust access control mechanisms. Although the project did incorporate an “onlyOwner” modifier within the contract, it was not effectively employed in the transferOwnership functions, ultimately enabling this attack to occur.
The addition of the “onlyOwner” modifier to the transferOwnership function could have effectively mitigated this breach.
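The mitigation described above, as an added Solidity example that is not the ROI contract's source or the project's own code: a constructed contract showing transferOwnership without and with the onlyOwner modifier. The names OwnedVault, Unguarded and Guarded are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration of the flaw class; NOT the ROI contract's source.
abstract contract OwnedVault {
    address public owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    receive() external payable {}

    // Privileged action: its protection depends entirely on who `owner` is.
    function withdraw() external onlyOwner {
        (bool ok, ) = payable(owner).call{value: address(this).balance}("");
        require(ok, "withdraw failed");
    }
}

// Before: the modifier is defined in the contract but not applied here,
// so any address can set itself as owner and then pass the withdraw() check.
contract Unguarded is OwnedVault {
    function transferOwnership(address newOwner) public {
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}

// After: only the current owner can hand over control.
contract Guarded is OwnedVault {
    function transferOwnership(address newOwner) public onlyOwner {
        require(newOwner != address(0), "new owner is the zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}
```

When reviewing a contract, list every function that writes to the owner variable and confirm each one carries the modifier; a modifier that is declared but unused gives no protection.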
In conclusion, the Ragnarok Online Invasion (ROI) hack of September 7, 2022, serves as a cautionary tale highlighting the necessity of stringent security practices and vigilant oversight within the blockchain space. The exploitation of an access control vulnerability resulted in significant financial losses and a severe devaluation of the ROI token.
It is imperative for blockchain projects to continuously prioritize security and conduct thorough code audits to prevent such incidents in the future.
Date: 2023-08-16 04:25:00