Here i will share my tools, no sources, no codes but only illustrations.
I will show what i build, currently the tools are not for sale but never say never :)
I will show what i build, currently the tools are not for sale but never say never :)
❤3
Wizzy's Tools pinned «Here i will share my tools, no sources, no codes but only illustrations. I will show what i build, currently the tools are not for sale but never say never :)»
SECURITY ALERT for DXSale Presale Vulnerability
We analyzed the DXSale presale smart contract and found a critical vulnerability that puts investors' funds at risk.
WHAT IS THE BUG?
Every DXSale presale has a softcap with a minimum fundraising threshold. If the softcap is not reached, investors are entitled to a full refund.
However, the presale contract contains a hidden function called forceSucceed() that allows the project team to mark the presale as "successful" regardless of how much was actually raised; completely bypassing the softcap protection.
HOW IT WORKS:
1. Presale runs below softcap
2. Team calls forceSucceed() via a raw transaction (selector: 0x422099b2)
3. Presale is marked as succeeded
4. All refunds are permanently blocked
5. Team finalizes and withdraws the collected funds
6. Investors receive fewer tokens than expected at a recalculated rate
WHY INVESTORS CAN'T SEE IT
DXSale presale contracts are NOT verified on BscScan. Investors cannot read the source code or know that forceSucceed() exists.
The team however can execute it in under 30 seconds through MetaMask using a simple raw transaction.
REAL CASE STUDY
Contract: 0x53279574B490b8A5edcAA1693F6A7Fe44ADB7b1F (BSC) (nothing against the team of this project i only use them as example)
Softcap: 2 BNB and Hardcap: 4 BNB
Raised: 2.07 BNB
Status: Concluded normally
This presale ended legitimately but the vulnerability was present and investors had no way to know the risk they were taking.
HOW TO PROTECT YOURSELF
Only invest in presales with verified contracts on BscScan
Before contributing, check that the contract has no admin override functions
Avoid presales where the source code is hidden
Ask the team to verify the contract before investing
THE FIX
DXSale should either remove forceSucceed() entirely or add a mandatory check:
require(totalRaised >= softcap, "Softcap not reached");
Presale success should be determined automatically by on-chain data only but never by a team-controlled function.
This finding was identified through smart contract bytecode analysis as part of a responsible disclosure audit. No funds were exploited. Our goal is to educate investors and push platforms to build safer tools.
Stay safe
We analyzed the DXSale presale smart contract and found a critical vulnerability that puts investors' funds at risk.
WHAT IS THE BUG?
Every DXSale presale has a softcap with a minimum fundraising threshold. If the softcap is not reached, investors are entitled to a full refund.
However, the presale contract contains a hidden function called forceSucceed() that allows the project team to mark the presale as "successful" regardless of how much was actually raised; completely bypassing the softcap protection.
HOW IT WORKS:
1. Presale runs below softcap
2. Team calls forceSucceed() via a raw transaction (selector: 0x422099b2)
3. Presale is marked as succeeded
4. All refunds are permanently blocked
5. Team finalizes and withdraws the collected funds
6. Investors receive fewer tokens than expected at a recalculated rate
WHY INVESTORS CAN'T SEE IT
DXSale presale contracts are NOT verified on BscScan. Investors cannot read the source code or know that forceSucceed() exists.
The team however can execute it in under 30 seconds through MetaMask using a simple raw transaction.
REAL CASE STUDY
Contract: 0x53279574B490b8A5edcAA1693F6A7Fe44ADB7b1F (BSC) (nothing against the team of this project i only use them as example)
Softcap: 2 BNB and Hardcap: 4 BNB
Raised: 2.07 BNB
Status: Concluded normally
This presale ended legitimately but the vulnerability was present and investors had no way to know the risk they were taking.
HOW TO PROTECT YOURSELF
Only invest in presales with verified contracts on BscScan
Before contributing, check that the contract has no admin override functions
Avoid presales where the source code is hidden
Ask the team to verify the contract before investing
THE FIX
DXSale should either remove forceSucceed() entirely or add a mandatory check:
require(totalRaised >= softcap, "Softcap not reached");
Presale success should be determined automatically by on-chain data only but never by a team-controlled function.
This finding was identified through smart contract bytecode analysis as part of a responsible disclosure audit. No funds were exploited. Our goal is to educate investors and push platforms to build safer tools.
Stay safe
👍2