DeFi project R0AR recently suffered a theft of approximately $780,000 due to a contract backdoor

PANews | Apr 22, 2025 13:38
Web3 security company GoPlus announced on X that on April 16th the Ethereum DeFi project R0AR (@th3r0ar) lost approximately $780,000 to a contract backdoor. The project team released an incident report today (the report states that the funds have been recovered, but the address and transaction hash have not yet been disclosed). This is a typical contract backdoor incident. Users are reminded to watch out for the backdoor contract (0xBD2Cd7) and not to interact with it in any way.

The contract (R0ARStaking) had a backdoor built in at deployment: the malicious address (0x8149f) already held a large $1R0R position inside the contract, ready for extraction, from the very beginning. The malicious address first performed small deposit() and harvest() calls to prepare for the malicious EmergencyWithdraw() call. According to the contract's code logic (as shown in the figure in the original post), because rewardAmount > R0arTokenBalance (the contract's token balance), rewardAmount is capped to the contract's token balance, and the entire token balance of the contract is then transferred to the malicious address (0x8149f). In the same way, all LP tokens held by the contract for the LP token were also transferred to the malicious address. Finally, userInfo.amount is set to 0.

userInfo in the contract is a mapping, so each entry lives at a dynamically computed storage slot derived from the hash of its key (uid and msg.sender). It can therefore be inferred that the storage slot for the malicious address was computed and pre-populated before the contract was deployed.
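A simplified reconstruction of the flawed exit path described above, with a hardened variant beside it. This is an added example written for this article, not the R0ARStaking source; the contract, function and variable names (StakingPool, emergencyWithdrawFlawed, totalStaked, accRewardPerShare) are assumed, and the deposit/harvest bookkeeping that maintains totalStaked and accRewardPerShare is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address, uint256) external returns (bool);
}

/// Constructed MasterChef-style pool illustrating the incident, NOT the real
/// R0ARStaking code. userInfo[pid][account] is the mapping whose storage slot
/// can be pre-seeded with a large `amount` before deployment.
contract StakingPool {
    struct UserInfo { uint256 amount; uint256 rewardDebt; }
    IERC20 public immutable rewardToken;   // the reward token ($1R0R in the incident)
    IERC20 public immutable lpToken;
    uint256 public accRewardPerShare;      // scaled by 1e12, updated by deposit/harvest
    uint256 public totalStaked;            // sum of amounts credited by deposit()
    mapping(uint256 => mapping(address => UserInfo)) public userInfo;
    event EmergencyWithdraw(address indexed user, uint256 indexed pid, uint256 amount);

    constructor(IERC20 _reward, IERC20 _lp) { rewardToken = _reward; rewardToken; lpToken = _lp; }

    // Flawed exit: pays "pending rewards" and caps both transfers at the pool's
    // whole balance. A pre-seeded userInfo.amount (plus a small harvest to make
    // accRewardPerShare non-zero) therefore drains every reward and LP token.
    function emergencyWithdrawFlawed(uint256 pid) external {
        UserInfo storage user = userInfo[pid][msg.sender];
        uint256 rewardAmount = user.amount * accRewardPerShare / 1e12 - user.rewardDebt;
        uint256 rewardBal = rewardToken.balanceOf(address(this));
        if (rewardAmount > rewardBal) rewardAmount = rewardBal;   // cap == entire balance
        uint256 lpBal = lpToken.balanceOf(address(this));
        uint256 lpOut = user.amount > lpBal ? lpBal : user.amount;  // same cap for LP
        rewardToken.transfer(msg.sender, rewardAmount);
        lpToken.transfer(msg.sender, lpOut);
        user.amount = 0; user.rewardDebt = 0;
    }

    // Hardened exit: forfeits rewards (standard emergency semantics), returns only
    // LP the pool has actually recorded as staked, and refuses any amount not
    // backed by tracked deposits (a slot seeded outside deposit() fails here).
    function emergencyWithdraw(uint256 pid) external {
        UserInfo storage user = userInfo[pid][msg.sender];
        uint256 amount = user.amount;
        require(amount <= totalStaked, "amount not backed by deposits");
        user.amount = 0; user.rewardDebt = 0;
        totalStaked -= amount;
        lpToken.transfer(msg.sender, amount);
        emit EmergencyWithdraw(msg.sender, pid, amount);
    }
}
```

The in-contract invariant only holds if totalStaked itself was not pre-seeded, so it complements rather than replaces the deployment-time check implied by the report: reading the deployed contract's storage and confirming every non-zero userInfo slot is matched by a deposit event.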