Attack Steps (based on the tx )

Prior to the attack, the price(TITANX/BLAZE) was 9,230,016.

The attacker borrowed 510,181,931,258 TITANX Token via flashloan from the Uniswap V3 pool, with the recipient being the Uniswap V2: TITANX-BLAZE pool. Consequently, the attacker transferred 18,000,000,000 TITANX Token to the Uniswap V2: TITANX-BLAZE pool.

Then the attacker swapped ~57,224.374 BLAZE tokens in the Uniswap V2: TITANX-BLAZE pool. At a result of this swap, price2(TITANX/BLAZE) was soared at 20,641,436, which was a 123.6% increase compared with price1;

The attacker invoked the swapTitanXForInfernoAndBurn function in the INFERNO contract by setting the amountBlazeMin argument to zero. The configuration was invalid slippage protection.

1. The swapTitanXForInfernoAndBurn function was first invoked to swap 7,964,945,360 TITANX tokens to obtain 385.871 BLAZE tokens in the Uniswap V2: TITANX-BLAZE pool, where the spot price, known as price2, had already been manipulated.
2. Subsequently, the function swapped the BLAZE tokens to receive 467,720,154 INF tokens in the Uniswap V3 pool.
3. Finally, the InfernoBuyAndBurn contract burned the INF tokens and transferred 121,293,584 TITANX tokens as incentive to the attacker contract.

The price 3 (TITANX/BLAZE) declined to 9,315,737, which was still higher than the initial price (price 1).

The attacker exploited this unreasonable price to buy TITANX tokens and finally made a profit of 5,026,609,611 TITANX tokens, of which 121,293,584 were normal profits and the rest were sandwich attack profits.

Root Cause

• The attacker exploited the vulnerability in the swapTitanXForInfernoAndBurn of the InfernoBuyAndBurn contract to force investment in the Uniswap pools.
• Note that in this attack, "forced investment" means forcing the protocol to execute swaps at outrageous prices.

References

The intention of the swapTitanXForInfernoAndBurn function Buy & Burn | INFERNO