PANews reported on April 22 that Web3 security company GoPlus said on the X platform that on April 16, the DeFi project R0AR (@th3r0ar) on Ethereum lost about $780,000 to a contract backdoor. The project released an incident report today (the report states that the funds have been recovered, but the address and transaction hash have not yet been made public). This is a typical contract backdoor incident; users are reminded to watch out for the backdoor contract (0xBD2Cd7) and not to interact with it.
The contract (R0ARStaking) was backdoored at deployment: the malicious address (0x8149f) had a large $1R0R balance built in from the start, ready for withdrawal. The malicious address first made a small deposit() and a harvest(), then prepared to call the malicious EmergencyWithdraw(). According to the code logic in the contract (as shown in the figure below), because rewardAmount > r0arTokenBalance (the contract balance), rewardAmount was reassigned to the contract's token balance, and then all tokens in the contract were transferred to the malicious address (0x8149f). Similarly, all lpTokens held in the LP Token contract were also transferred to the malicious address. Finally, userInfo.amount was set to 0. userInfo in the contract is a mapping, so its storage location is a dynamic slot computed by hashing the key (uid and msg.sender). It can be inferred that the backdoor slot was calculated from the malicious address before the contract was deployed.