Skip to main content

GANA Payment: Reward Rate Manipulation & EOA Bypass (November 2025)

On November 20, 2025, GANA Payment, a payment and staking protocol on the BNB Smart Chain (BSC), was exploited for approximately $3.1 million. The attack involved a combination of an ineffective security check meant to restrict interactions to human users and a subsequent manipulation of internal protocol parameters.

Technical Overview

GANA Payment implemented a staking mechanism where users could lock $GANA tokens to earn rewards over time. To prevent automated interactions from malicious smart contracts, the developers implemented a common but flawed check: require(msg.sender == tx.origin).

This check compares the immediate caller (msg.sender) with the original initiator of the transaction (tx.origin). The intention is to ensure that the function is called directly by an Externally Owned Account (EOA) and not another contract.

Exploit Mechanism: The EOA Restriction Bypass

The attacker successfully bypassed the msg.sender == tx.origin restriction to interact with the protocol via a malicious contract.

  1. The Bypass: While the check prevents a deployed contract from calling the function, it can be bypassed if the call is made from a contract's constructor during deployment. At that point, the contract's address has no code (bytecode length is 0), and in some EVM contexts or specific logic paths, attackers can structure transactions where tx.origin and msg.sender are manipulated or the check simply fails to provide the intended security.
  2. Privilege Escalation: In the case of GANA, either via the bypass or a separate compromise of administrative credentials, the attacker gained the ability to modify the protocol's reward rate parameters.
  3. Reward Inflation: The attacker set the staking reward rate to an astronomical value.
  4. The "Unstake" Drain:
    • The attacker (or their contract) staked a nominal amount of $GANA tokens.
    • Due to the manipulated rate, the accumulated rewards grew instantly to millions of tokens.
    • The attacker then called the unstake() function, withdrawing their original principle along with the massive, unearned rewards.
  5. Liquidation: The stolen $GANA tokens were immediately swapped for other liquid assets (BNB/USDT) and bridged across multiple chains to obscure the trail.

Why This Matters (The "Origin" Fallacy)

The GANA Payment exploit highlights two recurring failures in DeFi security:

  • Trusting tx.origin: Using tx.origin for authorization or EOA-verification is a known anti-pattern. It is vulnerable to phishing (via delegatecall) and specific contract deployment edge cases.
  • Missing Multi-Level Protection: The protocol's core economic parameters (reward rates) were either unprotected or protected by a single, bypassable check.

Mitigation Strategies

  • Avoid tx.origin for Auth: Never use tx.origin for authorization. If you must check if a caller is a contract, use msg.sender.code.length > 0, though this also has caveats (for example, calls from constructors).
  • Administrative Multisigs: Critical parameters like rewardRate should require a multi-signature approval (for example, Gnosis Safe) and ideally be behind a Timelock contract.
  • Sanity Bounds: Implement hard-coded minimum and maximum bounds for rewards. A function that updates a rate should always check if the new rate is within a "sane" operational range.
  • Audit-First Culture: GANA Payment lacked a comprehensive public audit at the time of the exploit. Projects involving millions in TVL must undergo multiple independent audits before launching high-payout staking mechanisms.

Conclusion

The $3.1M GANA Payment heist is a stark reminder that legacy anti-patterns like tx.origin checks continue to plague new deployments. Security researchers must remain vigilant against "human-only" logic that provides a false sense of security while leaving the protocol's economic heart exposed.