The Four_Meme project recently suffered a serious breach in the cryptocurrency space, leading to an estimated loss of $183,000. The attack targeted a vulnerability in the Uniswap V3 mechanism, which allows users to create liquidity pools and set prices in advance. The attacker exploited this oversight in a series of well-planned steps, ultimately causing significant financial damage to the project.
How the Attack Unfolded
The attack hinged on a flaw in the Four_Meme contract’s handling of liquidity and token prices. The attacker first acquired the project’s tokens at a very low price, buying them before any liquidity was added to PancakeSwap, the decentralized exchange where the project's tokens trade. This gave the attacker two advantages. First, they obtained the tokens at a ridiculously low price. Second, had they simply held onto those tokens, they would likely have netted a much higher price once liquidity was added to the decentralized exchange.
In the next step, the attacker preemptively created a trading pair pool on PancakeSwap, pairing the low-price tokens with WBNB (Wrapped Binance Coin). There was one important detail in this step: the price of the token was set at an extraordinarily high rate. This price manipulation was not an oversight. It was a calculated move that took advantage of the way Uniswap V3 allows liquidity pools to be created at predetermined prices.
Once they had set up the high-priced trading pair, the attacker bided their time and let the project launch. When the liquidity was injected into the PancakeSwap pool, the attacker struck. Using a bot, they added more liquidity to the pool, but at a much higher price, thus pushing the price of the token higher, and we do mean much higher.
In the final step, the attacker disposed of the tokens they had acquired at the low price, selling them at the inflated price they had set earlier. They profited substantially from the difference between the low acquisition price and the inflated sale price.
Exploiting the Uniswap V3 Mechanism
This attack was directed at the Uniswap V3 protocol and how it operates. Uniswap V3 provides a feature that allows liquidity providers (LPs) to specify custom price ranges for the pools they provide liquidity to. This is all well and good, as it lets LPs concentrate their capital in the price ranges that best suit their business. However, the same feature lets an LP with bad intentions (like our friend “0x8aa”) create a price range designed to hoodwink token buyers and sellers, for instance a setup that pegs a token's price within some artificial range.
In this instance, the mechanism was fully exploited by the attacker, who set up a not-so-simple scenario that artfully created a token price that was totally inflated. The price was artificially pumped up—via a setup that was not quite as simple as it seemed—before any of the project’s liquidity was made available. By the time the actual liquidity was added and the price “settled,” the attackers had already made off with profits amounting to 100 percent of the artificially boosted price of the token.
This attack type is especially worrisome for projects and investors, revealing design and implementation weaknesses in liquidity pools on decentralized exchanges such as PancakeSwap. These platforms may allow for decentralized trading opportunities, but they also present new risks, especially when the protocols that underlie them fail to mitigate the possibility of price manipulation.
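A pre-launch check a project could run before adding its own liquidity, given here as an added example that is not code from the article or from the Four_Meme project: it decodes the `sqrtPriceX96` value that Uniswap V3-style pools store and flags a pool that someone else has already initialized away from the intended launch price. The function names, the 1% tolerance, the placeholder addresses and the sample prices are assumptions; in practice the pool state would be read from the factory's `getPool` and the pool's `slot0()`.

```python
from fractions import Fraction
from math import isqrt

Q96 = 2 ** 96  # V3 pools store sqrt(price) as a Q64.96 fixed-point number

def _is_token0(token, quote):
    return int(token, 16) < int(quote, 16)  # V3 orders a pair by address

def encode_sqrt_price_x96(price, token, quote, token_dec=18, quote_dec=18):
    """Build a sqrtPriceX96 for a human price (quote per token); used for samples."""
    raw = Fraction(price) * Fraction(10 ** quote_dec, 10 ** token_dec)
    if not _is_token0(token, quote):
        raw = 1 / raw  # the pool always stores token1 per token0
    return isqrt(raw.numerator * Q96 ** 2 // raw.denominator)

def token_price_in_quote(sqrt_price_x96, token, quote, token_dec=18, quote_dec=18):
    """Decode sqrtPriceX96 into quote-per-token, in human units."""
    raw = Fraction(sqrt_price_x96 ** 2, Q96 ** 2)  # token1 / token0, raw units
    if not _is_token0(token, quote):
        raw = 1 / raw
    return raw * Fraction(10 ** token_dec, 10 ** quote_dec)

def pre_launch_check(pool, token, quote, intended_price, max_ratio=Fraction(101, 100)):
    """Classify the pool state found just before the project adds liquidity."""
    if pool is None:
        return "CLEAR"  # no pool for this pair and fee tier yet
    if pool["sqrt_price_x96"] == 0:
        return "CREATED_NOT_INITIALIZED"  # exists, but nobody has set a price
    price = token_price_in_quote(pool["sqrt_price_x96"], token, quote)
    ratio = price / Fraction(intended_price)
    if ratio > max_ratio or ratio < 1 / max_ratio:
        return "PREINITIALIZED_OFF_PRICE"  # someone else set the price: stop the launch
    return "PREINITIALIZED_AT_PRICE"

# Constructed sample data: placeholder addresses and prices, not values from the incident.
TOKEN = "0x" + "11" * 20
WBNB = "0x" + "bb" * 20
INTENDED = Fraction(1, 10 ** 6)  # intended launch price, WBNB per token
SAMPLES = {
    "no pool": None,
    "front-run pool": {"sqrt_price_x96": encode_sqrt_price_x96(1000, TOKEN, WBNB)},
    "expected pool": {"sqrt_price_x96": encode_sqrt_price_x96(INTENDED, TOKEN, WBNB)},
}

if __name__ == "__main__":
    for name, pool in SAMPLES.items():
        print(name, "->", pre_launch_check(pool, TOKEN, WBNB, INTENDED))
```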
Four_Meme Attack Highlights DeFi Vulnerabilities
The Four_Meme attack is not an isolated incident but part of a larger trend in which decentralized protocols are being targeted for financial gain. As DeFi platforms achieve greater traction, they have become enticing targets for malicious actors who are looking to exploit any vulnerability, whether that be a smart contract, liquidity pool setup, or price setting mechanism.
The Four_Meme team could take the recent attack on their project’s smart contract as a wake-up call to rethink not just their management of liquidity pools but also, and more importantly, their security protocols in general. If the smart contract for a project can be hacked, then the project itself can be said to have a security hole as large as the one in the National Security Agency’s Fort Meade, Maryland, headquarters that was famously penetrated by a couple of high school kids in 1999.
The DeFi space keeps evolving, and projects and investors alike need to be on their toes regarding the potential system vulnerabilities. The Four_Meme attack serves as a costly reminder that a single misstep in managing liquidity and price settings can yield significant losses. This incident also underscores that, in the fast-moving world of cryptocurrency, security must always be front of mind and never an afterthought.