To help users calculate their rewards from a potential transaction, the developers added a public "calculator" function. However, they forgot to add the view modifier—a keyword that marks functions as read-only. Without this modifier, functions have write access by default, similar to how database queries without proper access controls can modify data instead of just reading it.
Since the function is both publicly accessible and has write permissions, anyone can call it to modify the contract's internal variables. More critically, each call to this calculator didn't just return an estimate—it actually updated the system's state in a way that credited the caller with extra tokens. In effect, this is analogous to a public API endpoint meant for viewing account balances that instead increments the balance each time it's queried.
In the simulated blockchain, the agent repeatedly called this buggy function to inflate its token balance to the maximum profitable amount, then sold those tokens on decentralized exchanges for native assets—yielding a potential profit of approximately $2,500. At peak liquidity in June, this vulnerability could have yielded nearly $19,000.
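A defender-side check for the missing view modifier described above, added here as an example and not taken from the original article or the affected contract: it reads a contract's ABI JSON and flags externally callable functions whose names suggest a read-only helper but whose declared state mutability still permits writes. The sample ABI, its function names and the hint word list are constructed assumptions, and a hit is a prompt for manual review rather than proof of a state write.

```python
import json
import re

# Name fragments suggesting a function only computes or reports a value.
# This word list is an assumption made for the example, not a standard.
READ_ONLY_HINTS = {"calculate", "calc", "estimate", "preview", "quote", "get", "pending"}

# Constructed sample ABI for a hypothetical reward token (not from any real contract).
SAMPLE_ABI = json.loads("""
[
  {"type": "function", "name": "calculateReward", "stateMutability": "nonpayable",
   "inputs": [{"name": "amount", "type": "uint256"}], "outputs": [{"name": "", "type": "uint256"}]},
  {"type": "function", "name": "balanceOf", "stateMutability": "view",
   "inputs": [{"name": "owner", "type": "address"}], "outputs": [{"name": "", "type": "uint256"}]},
  {"type": "function", "name": "transfer", "stateMutability": "nonpayable",
   "inputs": [{"name": "to", "type": "address"}], "outputs": [{"name": "", "type": "bool"}]},
  {"type": "function", "name": "estimate_fee", "constant": false,
   "inputs": [], "outputs": [{"name": "", "type": "uint256"}]},
  {"type": "event", "name": "Transfer", "inputs": []}
]
""")

def name_words(name):
    """Split a camelCase or snake_case identifier into lowercase words."""
    return [w.lower() for w in re.findall(r"[A-Z]?[a-z0-9]+|[A-Z]+(?![a-z])", name)]

def mutability(entry):
    """Declared mutability; older ABIs carry only the legacy 'constant'/'payable' fields."""
    if "stateMutability" in entry:
        return entry["stateMutability"]
    if entry.get("constant"):
        return "view"
    return "payable" if entry.get("payable") else "nonpayable"

def suspicious_writers(abi):
    """Names of ABI functions that look read-only but are not declared view/pure."""
    findings = []
    for entry in abi:
        if entry.get("type") != "function":
            continue  # skip events, constructors, errors
        looks_read_only = bool(READ_ONLY_HINTS & set(name_words(entry["name"])))
        returns_value = bool(entry.get("outputs"))
        if looks_read_only and returns_value and mutability(entry) not in ("view", "pure"):
            findings.append(entry["name"])
    return findings
```

Running `suspicious_writers` over the compiler-emitted ABI in CI surfaces calculator-style functions that were left writable before deployment.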
The second vulnerability was found in a contract that provides a service letting anyone launch a token with one click.
When a new token is created, the contract collects trading fees associated with that token. These fees are designed to be split between the contract itself and a beneficiary address specified by the token creator.
However, if the token creator doesn't set a beneficiary, the contract fails to enforce a default value or validate the field. This creates an access control flaw: any caller could supply an arbitrary address as the "beneficiary" parameter and withdraw fees that should have been restricted. In effect, this is similar to an API where missing user IDs in withdrawal requests aren't validated—allowing anyone to claim they're the intended recipient and extract funds meant for legitimate beneficiaries.
"The first vulnerability involved a contract that implements a token and gives the existing token holders a portion of every transaction's value."
"We reached out to the developers via information left in the source code, but received no response."
Vulnerability #2
We found no way to contact the developer, a common issue due to the anonymous nature of blockchains. Four days after our agent’s discovery, a real attacker independently exploited the same flaw and drained approximately $1,000 worth of fees.