shield Business Logic Flaw

The January 2023 business logic flaw against UPSToken: what went wrong

Q: When did the - UPSToken hack happen?

The - UPSToken exploit was recorded on January 18, 2023 — 1,182 days ago.

Q: What type of exploit hit - UPSToken?

The - UPSToken incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

Q: Which blockchain was - UPSToken deployed on?

The - UPSToken contract was deployed on Ethereum, one of 9 documented incidents on that chain.

Q: How does - UPSToken compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is - EulerFinance (2023) at $200M. The - UPSToken loss was not publicly disclosed.

On January 2023, – UPSToken suffered a business logic flaw on Ethereum — the first of 144 documented business logic flaw incidents in our archive where the loss figure was not publicly disclosed but the exploit pattern is documented below.

Attack Mechanics: How the – UPSToken Business Logic Flaw Played Out

Exploit Class Applied to – UPSToken

The – UPSToken incident on January 18, 2023 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, – UPSToken is 1 of 144 documented business logic flaw incidents.

– UPSToken in Context

The – UPSToken incident joins a class whose largest loss to date is – EulerFinance (2023) at $200M.

Prior Business Logic Flaw Before – UPSToken

The nearest business logic flaw incident before – UPSToken was – BRA, 8 days earlier on January 10, 2023. The same exploit class surfaced again within the business logic flaw attack surface.

Target Chain: Ethereum

The vulnerable – UPSToken contract was deployed on Ethereum — one of 9 documented incidents on Ethereum. This determines the block cadence, mempool, and forensic tooling available to investigators.

Impact & Recovery for – UPSToken

– UPSToken Loss Figure

The loss figure for – UPSToken is not publicly disclosed. The primary source reports the exploit in non-USD terms, so no USD estimate is published here. For reference, the average loss across 144 business logic flaw incidents in our archive is $6.08M.

Timeline Since the – UPSToken Incident

The – UPSToken exploit occurred 3.2 years ago (1,182 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for – UPSToken

Public post-mortem / on-chain analysis for the – UPSToken incident: view source.

FAQ

How much did – UPSToken lose?

The – UPSToken loss figure is not publicly disclosed. The primary source reports the exploit in non-USD token terms, so no USD estimate is published here.

When did the – UPSToken hack happen?

The – UPSToken exploit was recorded on January 18, 2023 — 1,182 days ago.

What type of exploit hit – UPSToken?

The – UPSToken incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

Which blockchain was – UPSToken deployed on?

The – UPSToken contract was deployed on Ethereum, one of 9 documented incidents on that chain.

How does – UPSToken compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is – EulerFinance (2023) at $200M. The – UPSToken loss was not publicly disclosed.

Why is UC-security important for SALRS?

Ensures SALRS's security when composed with other protocols.

What was observed about the return distributions of the analyzed cryptocurrencies?

The return distributions are characterized by heavy tails, indicating a higher probability of extreme outcomes compared to normal distribution.