Nov 6, 2021
Incident: BitRides ($RIDES)
Status: Case Closed
About the project
Name: BitRides
Symbol: $RIDES
Contract: 0xa0CA0d23F3cf4ed93e761370659A3aA5933aF4A9
Twitter: https://twitter.com/BitRides
Telegram: https://t.me/bitrides
Website: https://www.bitrides.net
Incident
On November 5, 2021 06:27 pm UTC, the BitRides project ended the pre-sale and launched the markets.
Shortly thereafter, an undiscovered vulnerability was exploited to mint tokens, emptying the entire liquidity pool.
Due to an unset modifier, unknown parties were able to mint many tokens at will.
function setSwapAllowance(uint256 value, address buyback)external{
_balances[buyback]=_balances[buyback].add(value*(10 ** _decimals));
}
Based on the pace and method used, it can be guessed that the attack was planned for some time. Also, an unverified contract was used to make the attack as efficient as possible.
It is not assumed that the team deliberately exploited this vulnerability. The entire team passed our KYC process on October 09. The team and Solidproof have been in contact since the incident. Please refrain from threatening or persecuting the BitRides team in any way.
Several addresses have already been reported to Binance.
Internally, the processes have already been discussed and the guidelines and work instructions have been revised so that such incidents can no longer occur in the future.
Disclaimer
SolidProof.io Audits do not provide any warranty or guarantee regarding the absolute bug-free nature of the technology analyzed, nor do they provide any indication of the technology proprietors. SolidProof Audits should not be used in any way to make decisions around investment or involvement with any particular project. These reports in no way provide investment advice, nor should be leveraged as investment advice of any sort.
Any financial and non-financial claims for damages are groundless and will be strictly rejected by us.
