DIP Token Missing-Return AMM Drain

On June 16, 2026, the DIP token — reported as a utility asset of the Etherisc ecosystem — was exploited on BNB Chain for approximately $111,000 in USDC, after security firm SlowMist traced the loss to a single missing line of code.

What happened

The DIP token's _transfer() function was missing a return statement in the branch that handled trades routed through the PancakeSwap router. Because that branch fell through instead of returning, the contract performed the token movement twice for router-routed transfers. The attacker weaponised this by calling skim(router) to trigger double DIP transfers into the pair, then sync() to force the pool's tracked DIP reserve to an artificially low value. With the reserve desynced from the real balance, the automated market maker mispriced DIP, and the attacker swapped against the manipulated curve to drain roughly 111,098 USDC from the liquidity pool.

Aftermath

SlowMist flagged the incident in a threat-intelligence alert, pinning the loss at 111,097.6 USDC. The bug was an inherent flaw in the token contract's transfer logic rather than a compromise of any key or oracle; no recovery had been reported at publication.

Why it matters

A single absent return is a textbook example of how token-contract accounting bugs become AMM price-manipulation primitives on BNB Chain. The skim/sync reserve-desync pattern is the same class of weakness that drained PancakeBunny, BurgerSwap and Spartan Protocol years earlier — proof that constant-product pools remain unforgiving of any token whose internal balances can drift from the pair's tracked reserves. It landed two days before the structurally similar Little Boy Plus mint-desync drain.