Post Incident Review — BIST Single Asset Staking (BinanceSmartChain) security breach

Last Saturday night, May 7th (2022–05–07 09:20 PM +UTC) an attack took place on one of our staking contracts. The attacker has utilized a combination of different events. With these events the attacker exploited our single asset staking contract on the Binance Smart Chain. The other staking contracts are not affected and are not at risk.

Analysis of Breach

Image 1: The exploited function in our contract
Image 2: The event-tree of the attack

Damages & Lost funds

Reimbursement program for affected community members

Reinstating the BSC Staking Program

Organizational & Process improvements for prevention

--

--

Bistroo is a peer-to-peer marketplace for food & beverages, powered by the BIST Token🍔🥙🥃

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Bistroo

Bistroo is a peer-to-peer marketplace for food & beverages, powered by the BIST Token🍔🥙🥃