Beosin: sDAO contract business logic is vulnerable; attackers have profited over 13,000 BUSD
ChainCatcher news: according to Beosin EagleEye, the security risk monitoring, early warning, and blocking platform run by the blockchain security audit company Beosin, the sDAO project on the BNB Chain has been attacked through a vulnerability.

Beosin's analysis found an error in the business logic of the sDAO contract. The getReward function calculates rewards from two quantities: the LP tokens owned by the contract and the LP tokens added by the user. The calculated reward is positively correlated with the number of LP tokens added by the user and negatively correlated with the total number of LP tokens owned by the contract. However, the contract also provides a withdrawTeam method that sends all BNB and specified tokens owned by the contract to a designated address, and this function can be called by anyone.

In this attack, after adding LP tokens to the contract, the attacker called withdrawTeam to send all of the contract's LP tokens to the designated address and immediately transferred a very small amount of LP tokens back to the contract. As a result, the total number of LP tokens owned by the contract was a very small value when the attacker subsequently called getReward, and the reward was abnormally amplified. Ultimately, the attacker profited approximately 13,662 BUSD through this vulnerability.
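The flaw described above, as an added example that is not the sDAO contract's code: a simplified Python model in which the reward formula (rate * user LP / total LP), all names, and all amounts are assumptions. It compares a pool that divides by its live LP balance and leaves withdrawTeam open with one that restricts the caller and divides by internally tracked stake.

```python
class Unauthorized(Exception):
    pass

class RewardPool:
    """Simplified model. hardened=False mirrors the flawed design described above."""
    def __init__(self, owner, hardened, rate=1000):
        self.owner, self.hardened, self.rate = owner, hardened, rate
        self.lp_balance = 0    # LP tokens the contract currently holds
        self.total_staked = 0  # internal accounting, changed only by stake()
        self.staked = {}

    def stake(self, user, amount):
        self.staked[user] = self.staked.get(user, 0) + amount
        self.total_staked += amount
        self.lp_balance += amount

    def transfer_in(self, amount):
        # A plain token transfer changes the balance but not the accounting.
        self.lp_balance += amount

    def withdraw_team(self, caller):
        if self.hardened:
            if caller != self.owner:
                raise Unauthorized(caller)
            amount = self.lp_balance - self.total_staked  # surplus only
        else:
            amount = self.lp_balance  # anyone can sweep everything
        self.lp_balance -= amount
        return amount

    def get_reward(self, user):
        # Flawed form divides by a balance that callers can move.
        denom = self.total_staked if self.hardened else self.lp_balance
        return 0 if denom == 0 else self.rate * self.staked.get(user, 0) // denom

def replay(hardened):
    """Regression check: the sequence from the report, with constructed amounts."""
    pool = RewardPool(owner="team", hardened=hardened)
    pool.stake("others", 9_900)
    pool.stake("user", 100)
    before = pool.get_reward("user")
    try:
        pool.withdraw_team("user")
        blocked = False
    except Unauthorized:
        blocked = True
    pool.transfer_in(1)
    return before, pool.get_reward("user"), blocked

if __name__ == "__main__":
    print("flawed  :", replay(False))
    print("hardened:", replay(True))
```

The same two checks, caller restriction on the sweep function and a reward denominator that external transfers cannot move, are what an audit or invariant test of such a contract should assert.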