The DeFi project R0AR had a backdoor in its Ethereum contract, leading to a theft of approximately 780 thousand USD. The incident occurred on April 16, and Web3 security company GoPlus disclosed it on the X platform on April 22. According to the accident report released by the project team, the funds have been recovered, but the related addresses and transaction hashes have not yet been made public. The attacker exploited the backdoor address present during contract deployment by executing a malicious EmergencyWithdraw() function, transferring all tokens and LP tokens from the contract, and ultimately zeroing out the amounts in user information. This incident serves as a reminder for users to be wary of backdoor contracts (address 0xBD2Cd7) and avoid interacting with them.

PANews reported on April 22 that Web3 security company GoPlus said on the X platform that on April 16, the DeFi project R0AR (@th3r0ar) on Ethereum was stolen about $780,000 due to a contract backdoor. The project released an incident report today (the report indicated that the funds have been recovered, but the address and transaction hash have not yet been made public). This is a typical contract backdoor incident, reminding users to be careful to prevent the backdoor contract (0xBD2Cd7) and not to interact with the contract.
 The contract (R0ARStaking) was backdoored when it was deployed. The malicious address (0x8149f) had a large amount of $1R0R built in for withdrawal from the beginning. The malicious address first performed a small amount of deposit() and harvest(), and prepared to execute the malicious EmergencyWithdraw(). According to the code logic in the contract (as shown in the figure below), because rewardAmount&gt;r0arTokenBalance (contract balance), rewardAmount was assigned to the token balance in the contract, and then all tokens in the contract were transferred to the malicious address (0x8149f). Similarly, all lpTokens in the LP Token contract were also transferred to the malicious address. Finally, userInfo.amount was set to 0. The userInfo in the contract is a Mapping structure, and its address is a dynamic address calculated by the Hash of the key (uid and msg.sender) of userInfo. It can be inferred that the backdoor was calculated using the malicious address before the contract was deployed.

DeFi project R0AR's Ethereum contract backdoor led to $780 thousand being stolen, funds have been recovered