Pinned
lilitch
275 posts
- @starsarenacom, you fucked up 1.1 million dollars are being drained right now because of noob devs who couldn't make a copy of Friend.tech that will work properly If you hold ANY SHARES in StarsArena you should sell while you still can read nextโฌ๏ธ
- I've looked at the exploit tx and UNVERIFIED @starsarenacom contract and as far as I understand this happend (might be totally wrong tho I'm a noobie): They added a bunch of unnecessary function to the code that regular user will not ever touch and because the contract is not
- Replying to @0xlilitchAnd the saddest part is that exploiters ARE BURNING ~80% of AVAX they get Because they want to extract as much money as possible -> blocks are full -> gas price is rising and it will not stop until the contract is EMPTY R.I.P๐ฏ๏ธ @starsarenacom
- My thread about @starsarenacom got a lil hype and some people are saying that I'm just fudding, so I just sold 0 of my own shares and got 0.0036+0.00028 AVAX for it tx: snowtrace.io/tx/0x40cb37900โฆ read next โฌ๏ธ
- Replying to @0xlilitchSo how is the contract getting drained right now? THEIR getPrice() FUNCTION IS BROKEN You can sell 0 shares and get AVAX. Yep. You can do this right now and it will work. But where do this extra AVAX come from? read next โฌ๏ธ
- Replying to @0xlilitchWhen people buy shares -> AVAX goes TO contract When people sell shares -> AVAX goes FROM contract TO their wallet This means that when all funds are drained YOU WILL NOT BE ABLE TO SELL SHARES And now it's being exploitet by tens of users read next โฌ๏ธ
- Replying to @0xlilitchof course, it is NOT profitable now, at 3x of normal Avalanche gas price of 25 gwei, but at start exploiters would pay 0.0024 AVAX as tx fee and get 0.00388 AVAX per ONE SELL - > 0.015$/call and they did 200+ sell per block have a nice life everyone and don't get angry easily
- Replying to @TheArena and @starsarenacomnah fam it's just coordinated FUD malicious actors are spending 30 mil to burn your 3 mil
- So my idea got partly confirmed by big guys, good to know Really hope that devs are honest and just unskillful and this was not an inside hackOur initial analysis on today's @starsarenacom $2.9M hack indicates a reentrancy issue on the Stars Arena: Shares contract at snowtrace.io/address/0xa481โฆ The reentrancy is abused to update the weight when the share/ticket is issued so that 1 share can be sold at a much higher price
