“Mosca” Token Infinite Withdrawal Vulnerability (BSC)
Status: New Vulnerability Network: BNB Chain (BSC)
Executive Summary ShieldGuard is tracking a new vulnerability reported approximately 2 hours ago involving the Mosca token on the BNB Chain. While initial financial losses are relatively low compared to major protocol exploits, the nature of the bug presents a significant risk for widespread replication by threat actors.
Technical Details: The “Infinite Withdrawal” Loop The vulnerability exists within the exitProgram() function of the Mosca smart contract.
- The Flaw: The contract fails to correctly update the user’s internal balance upon withdrawal.
- The Result: Because the balance does not decrease after a withdrawal, an attacker can repeatedly call the function to execute infinite withdrawals until the contract pool is drained.
Impact Assessment
- Current Losses: Approximately $37,000 has been lost to this exploit so far.
- Copycat Risk: ShieldGuard intelligence indicates that this specific vulnerable code pattern is currently being copied by other scammers to deploy similar attacks on other tokens.
ShieldGuard Advisory Users are advised to cease all interaction with the Mosca token contract on BNB Chain immediately. Due to the high risk of code replication, exercise extreme caution with unverified contracts using similar withdrawal mechanisms.
