Unraveling the $UN Attack: A Flash Loan Exploits Flaw in Token Contract

2 Minutes Read

Daniel Tan

Daniel Tan

Security Operation / Audit


$UN on BSC was attacked by the flash loan with a loss of $26,000

On Jun-06-2023, an unfortunate event unfolded as the decentralized finance (DeFi) project, $UN, on the Binance Smart Chain (BSC), fell victim to a targeted attack involving a flash loan. It is a typical skim attack and resulted in a significant loss of $26,000 and showcased a classic skim attack strategy, leaving the UN-LP pair compromised and the price of $UN soaring. Ultimately, the attacker exploited the situation to maximize their profit before swiftly dumping the $UN token. Join us as we unravel the details and explore the implications of this alarming incident.



Attacking Contract

Attacked Contract

Asset Loss


Attacking Steps

  1. The attacker gets 29,100,000,000,000,001,048,576 BSC-USD by the flash loan from DPPOracle;
  2. Swap 29,100,000,000,000,001,048,576 BSC-USD for 91,391,982,773,176,450,879,376 $UN;
  3. Transfer 84,994,543,979,054,099,317,825 to UN-LP pair;
  4. Call the skim function of the UN-LP pair to send the UN to the attacker. At this point 2,307,601,869,031,318,796,481 $UN are transferred out from the UN-LP pair to the UNStake contract, which results in the price of $UN increased;
  5. Repeat step 3 and step 4 to hugely increase the $UN price;
  6. Finally, swap 55,441,019,173,629,144,550,663 $UN for 55,658,707,032,043,243,002,112 BSC-USD and get the profit of 26,558,707,032,043,241,953,536 BSC-USD

Root Cause

The attack on $UN on BSC can be attributed to an inherent flaw within the $UN token contract. This flaw allowed the attacker to exploit a vulnerability that enabled them to transfer $UN tokens from the UN-LP pair, leading to a significant increase in the price of $UN. This flaw in the token contract essentially provided a gateway for the attacker to manipulate the token's value and execute their malicious intentions.

Key Code



Check on Github 8aXwfFael8Ndd4iYHblSs0KNXte9P0jV5HcYTEYi.webp

The attack on $UN on BSC serves as a stark reminder of the evolving challenges faced by the blockchain industry and the importance of robust security measures. As the crypto ecosystem continues to grow and innovate, it is crucial for developers, investors, and users to remain vigilant and proactive in safeguarding their assets.

While incidents like this can be disheartening, they also provide valuable lessons for the community to learn from, prompting further improvements in security protocols and risk mitigation strategies. Through continued efforts in research, development, and education, the blockchain industry can strive towards creating a more secure and resilient ecosystem that empowers individuals and organizations to leverage the transformative potential of blockchain technology.

Keep tuned, stay secure.

About Us

At MetaTrust, our primary focus is on creating a secure infrastructure that caters to the needs of developers in the WEB 3.0 space. We offer an array of AI-Driven automation tools and security services to assist Web3 developers and project stakeholders in achieving a secure development environment.

Website || Twitter || MetaScan for FREE

Share this article