01dcat

Posted on Apr 18, 2022Read on Mirror.xyz

The Beanstalk Farms exploited

What happened?

Basically just from two TX

https://etherscan.io/tx/0xd09b72275962b03dd96205f8077fdc08bec87c0ebd07e431aadc760f31f34b01 and

https://etherscan.io/tx/0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7

How

basically this means you can approve a bip when you have enough token 2/3 portion of the tokens

  • a BIP 18 be proposed — what is the BIP 18 — “Give 250,000 bean to Ukraine and 10,000 bean to the proposer.”

https://etherscan.io/address/0x259a2795624b8a17bc7eb312a94504ad0f615d1e#code

  • Flashloan to get enough bean to approve the BIP with emergecyCommit to get the bean out
  • vote for bip 18 + emergencyCommint bip 18
  • HOLD ON, why something will go wrong, let’s look back the creation of the bip 18

proposerWallet 0xe5ecf73603d98a0128f05ed30506ac7a663dbb69 is a smart contract

this smart contract will be called from the bean and can transfer everything(bean,LP) to address 0x1c5dcdd006ea78a7e4783f9e6021c32935a10fb4

https://etherscan.io/tx/0x68cdec0ac76454c3b0f7af0b8a3895db00adf6daaf3b50a99716858c4fa54c6f

A simple steps from https://twitter.com/peckshield

A remarkable note

Yes. 250,000 USDC sent to Ukraine Crypto Donation, thank you hacker why you are getting 182M USD……

Originally published at https://01dcat.notion.site.