White Eagle withdraw drain via spot-price-based WEGL payout

On 2026-05-07 08:14:47 UTC, the White Eagle withdrawal contract on BNB Chain was exploited through a spot-price manipulation logic flaw in its withdrawal path. The attacker used an orchestrator plus 11 helper contracts to call withdraw() repeatedly, then sold each WEGL payout into the WEGL/USDT PancakeSwap pool before the next withdrawal repriced the same USD-denominated balance into even more WEGL. The withdrawal contract lost 9888.680557825521425533 WEGL, while the profit receiver collected 65645.944170470965224333 USDT. In short, the contract converted internal USD balances into WEGL using a live AMM quote, so each same-transaction dump made subsequent withdrawals overpay in WEGL.

Root Cause

Vulnerable Contract

White Eagle withdrawal contract at 0x0079517e4157f95cefda99d295fd74fc9b9896eb on BNB Chain. It is not a proxy per the planner stage. Source type: verified at artifacts/analysis_0x538c8964c841369bee9fd52d3ad87de9202fd182caaa32acf58095d02f6b359d/0x0079517e4157f95cefda99d295fd74fc9b9896eb/weglcontract.sol.

Vulnerable Function

withdraw() (0x3ccfd60b) in weglcontract.sol, with pricing delegated to getWeglAmountFromUsd(uint256).

Vulnerable Code

function withdraw() public nonReentrant {
    User storage user = users[msg.sender];
    require(user.isExist, "User not exist");

    uint256 roiPending = _calculatePendingROI(msg.sender);
    uint256 levelPending = _calculatePendingLevelIncome(msg.sender); 
    uint256 uplinePending = _calculatePendingUplineIncome(msg.sender);

    if (roiPending > 0) {
        user.earnedFromRoi += roiPending;
        _distributeRoiToInvestments(msg.sender, user);
    }
    if (levelPending > 0) {
        user.earnedFromLevel += levelPending;
        user.accumulatedLevelIncome = 0; 
        emit LevelIncome(msg.sender, levelPending);
    }
    if (uplinePending > 0) {
        user.earnedFromUpline += uplinePending;
        emit UplineIncome(msg.sender, uplinePending);
    }

    user.lastLevelWithdraw = block.timestamp;
    user.lastUplineWithdraw = block.timestamp;
    
    _creditIncome(user, roiPending + levelPending + uplinePending);

    uint256 payoutUSD = user.availableWalletUSD;
    require(payoutUSD > 0, "No funds");
    user.availableWalletUSD = 0;

    uint256 totalWegl = getWeglAmountFromUsd(payoutUSD); // <-- VULNERABILITY
    require(weglToken.balanceOf(address(this)) >= totalWegl, "Contract Low Bal");
    
    uint256 burnAmount = (totalWegl * 5) / 100;
    uint256 userAmount = totalWegl - burnAmount;

    if (msg.sender == COMPANY_ID) {
        // ...
    } else {
        _safeTransfer(weglToken, msg.sender, userAmount);
    }

    emit Withdraw(msg.sender, userAmount, payoutUSD);
}

function getWeglAmountFromUsd(uint256 _usdAmount) public view returns (uint256) {
    address[] memory path = new address[](2);
    path[0] = address(usdtToken);
    path[1] = address(weglToken);
    return pancakeRouter.getAmountsOut(_usdAmount, path)[1]; // <-- VULNERABILITY
}

Why It’s Vulnerable

Expected behavior: a withdrawal contract that tracks balances internally in USD should redeem WEGL using a stable conversion source, a stored exchange rate, or a mechanism that cannot be worsened by the same withdrawal sequence. One withdrawal should not make the next user with the same USD balance receive more WEGL just because the previous recipient dumped into the same AMM pool.

Actual behavior: withdraw() zeroes availableWalletUSD, then converts that USD amount to WEGL through PancakeSwap router getAmountsOut() on the live WEGL/USDT pool. The trace shows each helper immediately selling its received WEGL into the same pool, so the spot quote observed by the next withdraw() returns a larger WEGL amount for the same USD-denominated balance.

This makes the primary flaw a logic_error, with price_manipulation as the secondary technique. The attack does not rely on reentrancy or missing auth in withdraw(); it relies on coupling payout sizing to a manipulable spot price that the attacker moves between identical withdrawal calls in the same transaction.

Attack Execution

High-Level Flow

1. The attacker EOA called an orchestrator contract.
2. The orchestrator invoked 11 helper contracts sequentially.
3. Each helper called the White Eagle contract’s withdraw() function.
4. withdraw() priced the helper’s USD-denominated wallet balance into WEGL using PancakeSwap’s live getAmountsOut() quote.
5. The withdrawal contract burned 5% of the computed WEGL and transferred the remainder to the helper.
6. The helper immediately swapped all received WEGL to USDT through PancakeSwap and sent the USDT to the attacker’s profit receiver.
7. Each sale pushed the WEGL/USDT spot price further down, so the next helper’s identical withdrawal redeemed more WEGL for its USD balance.
8. Repeating this 11 times drained 9888.680557825521425533 WEGL from the withdrawal contract.

Detailed Call Trace

• 0xcd935e0462c5b32ee4c11fb5e2d5179508ee5d7e → 0xfc565edbfa06ee13edfa7b8b4677f89ab2382854 claim() (0x4e71d92d) via CALL.
  • 0xfc565edbfa06ee13edfa7b8b4677f89ab2382854 → helper 0x5650c7a41ef11dfa30dc295fc4d857b7c9bbc87a Claim(bool) (0xe60b3625) via CALL.
    • helper → 0x0079517e4157f95cefda99d295fd74fc9b9896eb withdraw() (0x3ccfd60b) via CALL.
      • withdrawal contract → router 0x10ed43c718714eb63d5aa57b78b54704e256024e getAmountsOut(uint256,address[]) (0xd06ca61f) via STATICCALL.
        • router → pair 0x9247a22981ad64e9bd1d8b9b303a2122cd88838c getReserves() (0x0902f1ac) via STATICCALL.
      • withdrawal contract → WEGL 0x5722ce859d00d6c59354c0750263180ffdc8ab7f balanceOf(address) (0x70a08231) via STATICCALL.
      • withdrawal contract → WEGL burn(uint256) (0x42966c68) via CALL.
      • withdrawal contract → WEGL transfer(address,uint256) (0xa9059cbb) to helper via CALL.
    • helper → WEGL balanceOf(address) (0x70a08231) via CALL.
    • helper → router swapExactTokensForTokensSupportingFeeOnTransferTokens(uint256,uint256,address[],address,uint256) (0x5c11d795) via CALL.
      • router → WEGL transferFrom(address,address,uint256) (0x23b872dd) via CALL.
      • router → pair getReserves() (0x0902f1ac) via STATICCALL.
      • router → pair swap(uint256,uint256,address,bytes) (0x022c0d9f) via CALL.
        • pair → USDT transfer(address,uint256) (0xa9059cbb) to 0xa0d511169468ffb4dc986dbb7b58fb7fc190102b via CALL.
  • The same helper pattern repeats 10 more times through helpers 0x316350633c88caeb464911354f6431dc2948f84d, 0x300270ee7353069b1841a5f6d676e99bbf8b9c38, 0x4e76db7e93f4c5c52e0d6ba88c2490a49a3626a9, 0x141379b7e1d5d272e05e00e58bf88efd1ddbdf3b, 0x14a61089e423c3845c411fa33461fe31f90ea3e5, 0xe1915a78ba553f310189e3071e5407a3c9288664, 0x7c8186a60b7edcb2d6f4e29aab183f20c5267575, 0x9e290f287f64e5fede397b1735b0e4885e5f8927, 0xb758b842f35dc4bf9c231c36a06a1355d3779b8d, and 0xba4d2e4300b227245701d2c5bf93948fb5c30e71.

The recovered orchestrator confirms this batching behavior: 0xfc565edbfa06ee13edfa7b8b4677f89ab2382854/recovered.sol hard-codes 11 helper calls, and each helper’s recovered code shows Claim(bool) calling withdraw() and then swapping WEGL to USDT for profit receiver 0xa0d511169468ffb4dc986dbb7b58fb7fc190102b.

Financial Impact

The primary victim was the White Eagle withdrawal contract, which lost 9888.680557825521425533 WEGL according to funds_flow.json. The paired PancakeSwap pool absorbed 9188.709810105814000167 WEGL, while 699.970747719707425366 WEGL was burned across the withdrawal and transfer path.

The profit receiver 0xa0d511169468ffb4dc986dbb7b58fb7fc190102b gained 65645.944170470965224333 USDT across the 11 swaps. The largest single payout in the trace was 11719.558694305319350229 USDT, and later payouts declined as pool state changed, which matches the attack pattern of repeatedly converting the same internal USD logic into progressively more WEGL while extracting external USDT liquidity.

Because the payout asset was the protocol’s own WEGL inventory, the exploit directly impaired the solvency of the withdrawal path. The contract’s status field in receipt.json is 0x1, confirming the full drain sequence executed successfully in a single transaction.

Evidence

• receipt.json:1878 shows transaction status 0x1.
• trace_callTracer.json shows withdraw() (0x3ccfd60b) called 11 times, each followed by a helper swap through PancakeSwap router and pair.
• selectors.json resolves the key selectors used in the report: claim(), Claim(bool), withdraw(), getAmountsOut(uint256,address[]), swapExactTokensForTokensSupportingFeeOnTransferTokens(uint256,uint256,address[],address,uint256), and swap(uint256,uint256,address,bytes).
• funds_flow.json records the withdrawal contract’s net loss of 9888.680557825521425533 WEGL and the profit receiver’s gain of 65645.944170470965224333 USDT.
• receipt.json logs confirm the burn-and-transfer pattern for each withdrawal: WEGL is first burned from the withdrawal contract, then transferred to the helper, then transferred from the helper into the Pancake pair.