Business Logic Flaw

How attackers exploited STRAC in June 2023 (business logic flaw)

In June 2023, STRAC was exploited through a business logic flaw. It is one of 144 documented business logic flaw incidents in our archive. The loss figure was not publicly disclosed, but the exploit pattern is documented below.

Attack Mechanics: How the STRAC Business Logic Flaw Played Out

Exploit Class Applied to STRAC

The STRAC incident on June 27, 2023 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, STRAC is 1 of 144 documented business logic flaw incidents.

STRAC in Context

The STRAC incident joins a class whose largest loss to date is EulerFinance (2023) at $200M.

Prior Business Logic Flaw Before STRAC

The nearest business logic flaw incident before STRAC was SHIDO, 4 days earlier on June 23, 2023. The same exploit class surfaced again within the business logic flaw attack surface.

Impact & Recovery for STRAC

STRAC Loss Figure

The loss figure for STRAC is not publicly disclosed. The primary source reports the exploit in non-USD terms, so no USD estimate is published here. For reference, the average loss across 144 business logic flaw incidents in our archive is $6.08M.

Timeline Since the STRAC Incident

The STRAC exploit occurred 2.8 years ago (1,022 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for STRAC

Public post-mortem / on-chain analysis for the STRAC incident: view source.

FAQ

How much did STRAC lose?

The STRAC loss figure is not publicly disclosed. The primary source reports the exploit in non-USD token terms, so no USD estimate is published here.

When did the STRAC hack happen?

The STRAC exploit was recorded on June 27, 2023 — 1,022 days ago.

What type of exploit hit STRAC?

The STRAC incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

How common is the Business Logic Flaw pattern seen at STRAC?

Our archive contains 144 documented business logic flaw incidents. The STRAC incident is one of them.

How does STRAC compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is EulerFinance (2023) at $200M. The STRAC loss was not publicly disclosed.
