Credit: Original article published by CryptoPotato.

The Binance Smart Chain continues to see projects built on it exploited. The latest exploit was carried out by someone with access to the PancakeSwap admin address.

The Exploit

It’s an age-old problem with smart contracts: randomness. Solidity has no native random function, and all sources of randomness have to be on-chain. Projects use things like block headers, transaction hashes, and more to create legitimate sources of randomness, but none are truly random – they are merely pseudorandom.

This issue has led to exploits in the past, such as the recent Meebits exploit. The PancakeSwap lottery numbers were generated based on certain predictable conditions. The exploiter could use this information to predict the numbers in advance, thus draining the entire pool.
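Why a seed built from public chain data is predictable, next to a commit-reveal alternative, as an added example that is not from the original article or from PancakeSwap's contract. The lottery format, the choice of inputs and the sample values are constructed assumptions, and commit-reveal is shown as one common mitigation, not as the fix the team applied.

```python
import hashlib

NUMBERS, LOW, HIGH = 4, 1, 14  # constructed lottery format (assumption)

def to_numbers(seed: bytes) -> list[int]:
    """Map a 32-byte seed to NUMBERS values in [LOW, HIGH]."""
    span = HIGH - LOW + 1
    # 64-bit chunks keep the modulo bias negligible for a span this small.
    return [int.from_bytes(seed[i * 8:(i + 1) * 8], "big") % span + LOW
            for i in range(NUMBERS)]

def weak_seed(block_hash: bytes, timestamp: int) -> bytes:
    """Seed built only from public chain data, so every observer derives it too."""
    return hashlib.sha256(block_hash + timestamp.to_bytes(8, "big")).digest()

def commit(secret: bytes) -> bytes:
    """Published before ticket sales open: binds the operator without revealing the secret."""
    return hashlib.sha256(secret).digest()

def commit_reveal_seed(commitment: bytes, revealed: bytes, block_hash: bytes) -> bytes:
    """Check the reveal against the earlier commitment, then mix in a later block hash."""
    if hashlib.sha256(revealed).digest() != commitment:
        raise ValueError("revealed secret does not match the published commitment")
    return hashlib.sha256(revealed + block_hash).digest()

# Constructed sample values, not taken from any real chain.
BLOCK_HASH = bytes.fromhex("ab" * 32)
TIMESTAMP = 1_620_000_000

if __name__ == "__main__":
    # Anyone who can read the block recomputes exactly these numbers.
    print("weak draw:", to_numbers(weak_seed(BLOCK_HASH, TIMESTAMP)))
    secret = b"operator-secret-constructed"
    published = commit(secret)
    # The block hash alone no longer determines the result.
    print("commit-reveal draw:",
          to_numbers(commit_reveal_seed(published, secret, BLOCK_HASH)))
```

Commit-reveal still trusts the operator to reveal; a scheme that penalises a withheld reveal, or an external verifiable randomness source, closes that gap.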

Who Did It, and Why?

The author of this post has provided detailed evidence proving that this may indeed have been foul play from the PancakeSwap admins, given that they created the contract, ‘found’ the exploit, and took the money using their own address.

While it’s true that the admin account did make use of the exploit and drain the funds, the author has a misconception: this was no foul play, and the funds weren’t stolen. While there has been no official statement from the PancakeSwap team on the matter, this event was clearly a white hat removal of funds from the contract, preventing a malicious actor from figuring out the bug and exploiting it.

This is evident, first of all, from the fact that the PancakeSwap admins used their publicly known address to carry out the exploit. If they wished to drain the funds maliciously, they would have used an anonymous account. Secondly, the funds recovered from the lottery pool are being burned in batches by the admin address.

While an exploit is scary and never a good sign, the handling of this by the team instills some confidence, proving that PancakeSwap is willing to fix issues when necessary (even though they could have trivially taken the morally reprehensible path by stealing user funds).
