# How Does the Grok Token Exploiter Exploit the X Token By Baking His Own Cake And Eating it? ### Strategy One Liner The bot utilizes the methods of the ERC20 X token to create the arbitrage opportunity between a Uniswap V2 pool and a Uniswap V3 pool, and takes advantage of it, making a profit of $4,844. ### Big Picture EigenTX Link:
### Key Steps **Stage 1: Prep the Uniswap V2 X-WETH pool.** Step 0: Borrow 6,493,128,478.6032 X from the Uniswap V3 pool of X-WETH.
Steps 1-6: Swap 3,431,282,845.8058 X for 23.4081 ETH at UNI-V2, and transfer 34,659,422.6849 X back to X contract as a 1% tax.
Steps 7-12: Swap 34,312,828.4581 X for 0.2006 ETH at UNI-V2, transfer 346,594.2268 X back to X contract as a 1% tax.
**Stage 2: Overflow the X contract to create the arbitrage prospect.** Step 13: Transfer 2,827,595,502.6415 X back to the X contract, bringing the balance of the X token of the X contract to 10,000,346,595.226849. ![](https://substackcdn.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F616519bf-5fcd-443d-b4d6-abcdfe3c769a_1362x275.png) The simulation on Blocksec shows the effect.
Steps 14-26: Swap 99,000,000 X for 0.2892 ETH at UNI-V2, and transfer 1,000,000 X back to X contract as a 1% tax. The swapping of X for ETH this time triggers an internal function, X.shouldContractSwap(), returning true, which is the result of the code below: ``` aboveThreshold = balanceOf(address(this)) >= swapThreshold; ``` The transfer in step 13 satisfies the condition: the balance of X is bigger than the threshold of 10,000,000,000. Before step 13, this code returns False. You can find it in [the contract of the X token](https://etherscan.io/address/0xa62894d5196bc44e4c3978400ad07e7b30352372#code).
Next, the X contract injects 10,000,000,000 X tokens into the Uniswap V2 pool and puts the received ETH to its deployer’s EOA. **This huge injection of X inflates its value, causing the exchange rate of X against ETH to surge to 342,323,651 X per ETH. The price gap between this Uniswap V2 pool of X-ETH and the Uniswap V3 pool of X-WETH.** We can split the steps of 14 to 26 as below. Steps 14-18: X contract transfer 10,000,000,000 X to UNI-V2 and swap X for 41.3756 WETH, unwrap WETH and transfer ETH back to X
Steps 19-20: X contract transfer 20.4830 ETH and 20.9020 ETH to an EOA address
Steps 21-26: *To* address finishes the swap operation at Uniswap V2 pool and pays tax.
**Stage 3: Harness arbitrages.** Step 33: *To* address repays the flash loan, 6,558,059,763.3892 X, to the Uniswap V3 pool of X-WETH.
Steps 34-39: *To* address swaps 31,457,966.2838 X for 0.1402 ETH at the Uniswap V2 pool, transferring 317,757.2352 X back to X contract as a 1% tax.
Step 40: Borrow 5.1598 WETH from a new Uniswap V3 Pool of USDC-ETH.
Steps 41-48: To address swap 5.3 ETH for 1,123,530,803.0087 X at the Uniswap V2 pool, which transfers 11,348,795.99 X back to X contract as a 1% tax.
Steps 49-50: Swap 1,123,530,803.0087 X for 7.8274 WETH at the Uniswap V3 pool of X-WETH.
Step 51: *To* address repay the flashloan, 5.1624 WETH, to the second UniswapV3Pool.
Steps 52-53: Unwrap 2.6651 WETH to 2.6651 ETH.
### Key Assets X, ETH, WETH ### Simplified Illustration
### More Details * From [the contract page on Etherscan](https://etherscan.io/address/0x2256e6a917e3909d5db8796f756a6c25348bf83f), we can see the EOA labeled as GROK Toekn Exploiter did all the transactions.
* 2 transactions involving SPIKE utilized the same strategy to do arbitrages. You can find [more details](https://eigenphi.substack.com/i/146452249/what-about-the-spike) here. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://eigenphi-1.gitbook.io/head-first-defi/under-the-hood-of-the-defi-lego/how-does-the-grok-token-exploiter-exploit-the-x-token-by-baking-his-own-cake-and-eating-it.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.