The SlowMist security team has issued an alert stating that LittleBoyPlus suffered an exploit, resulting in a loss of approximately 377,642 USDT, equivalent to about 610.555 BNB. According to SlowMist, the root cause of the vulnerability lies in the `update` function of the LBPHashrate contract, which can be triggered by a zero-amount `transferFrom` call, bypassing OpenZeppelin's authorization checks. The attacker was able to mint LBP tokens directly to the PancakePair address without requiring trading pair authorization, causing an imbalance between the balance and reserves, and subsequently draining USDT through `PancakePair.swap`. https://(wublock123.com)/news/slowmist-littleboyplus-exploit-378k-usdt-loss-63006