
Why does the erc20 oracle yield false positives?

Open vilotgit opened this issue 1 year ago • 0 comments

I ran the following command. ityfuzz evm -t 0x68EB5c749a90b195F8723414d9f5E1ae273f59E1,0x55d398326f99059fF775485246999027B3197955,0x17269a3CACB6eA16FE5137eC3ccBde00A6A97668 -f -c bsc -d erc20 --onchain-etherscan-api-key <API_KEY>

And got the following result.

😊😊 Found vulnerabilities!


================ Description ================
[Fund Loss]: Anyone can earn 8.254 ETH by interacting with the provided contracts

================ Trace ================
[Sender] 0xe1A425f1AC34A8a441566f93c82dD730639c8510
   └─[1] 0x17269a3CACB6eA16FE5137eC3ccBde00A6A97668.sync()
[Sender] 0x68Dd4F5AC792eAaa5e36f4f4e0474E0625dc9024
   ├─[1] Router.swapExactETHForTokens{value: 18.4467 ether}(0, path:(WETH → 0x68EB5c749a90b195F8723414d9f5E1ae273f59E1), address(this), block.timestamp);
   └─[1] 0x68EB5c749a90b195F8723414d9f5E1ae273f59E1.transfer(0x68Dd4F5AC792eAaa5e36f4f4e0474E0625dc9024, 0)

However, when I try to reproduce the exploit with foundry forge (with enough initial funds), the transaction does not yield the promised profit. In fact, it does not yield any profit. In addition, the contracts involved do not seem to have enough tokens to yield 8.254 ETH.

According to the code in src/evm/tokens/v2_transformers, it seems like ityfuzz handles liquidation by iterating through necessary Uniswap swaps. Are there any approximation steps involved with this procedure? Where is the 8.254 ETH profit coming from?

Thanks!

vilotgit avatar Oct 02 '24 05:10 vilotgit
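One way to sanity-check a reported "Fund Loss" figure before spending time on a forge reproduction is to simulate the liquidation of the acquired token balance through the actual Uniswap v2 pair reserves, rather than pricing it at the spot rate. The block below is an added example and is not ityfuzz code; it makes no claim about how the ityfuzz oracle computes its number. It implements the Uniswap v2 `getAmountOut` formula (0.3% fee on the input, integer arithmetic) and contrasts it with a naive spot-price valuation, which ignores price impact and can report far more than the pool can ever pay out. The reserve and balance figures are constructed sample values, not on-chain data.

```python
"""Constant-product liquidation check for a claimed swap profit.

Added example, not ityfuzz or Uniswap code. Reserves and balances below
are constructed sample numbers; the functions are exact for Uniswap v2.
"""

WEI = 10**18
FEE_NUM = 997   # Uniswap v2 takes 0.3% of the input amount
FEE_DEN = 1000


def get_amount_out(amount_in, reserve_in, reserve_out):
    """Uniswap v2 Router getAmountOut: output for a single swap on a pair.

    Integer arithmetic with the fee applied to the input, exactly as the
    on-chain library does it. Output is always strictly below reserve_out.
    """
    if amount_in <= 0 or reserve_in <= 0 or reserve_out <= 0:
        raise ValueError("amount and reserves must be positive")
    amount_in_with_fee = amount_in * FEE_NUM
    numerator = amount_in_with_fee * reserve_out
    denominator = reserve_in * FEE_DEN + amount_in_with_fee
    return numerator // denominator


def spot_value(amount_in, reserve_in, reserve_out):
    """Naive valuation: price the whole balance at the current spot price.

    This ignores slippage and the fee, so for any balance that is large
    relative to reserve_in it overstates what a real swap would return.
    """
    return amount_in * reserve_out // reserve_in


def liquidate_through_path(amount, reserves_path):
    """Swap `amount` through a list of (reserve_in, reserve_out) hops.

    Each hop uses the reserves as they stand before that hop; for a
    multi-hop path this mirrors Router.getAmountsOut.
    """
    out = amount
    for reserve_in, reserve_out in reserves_path:
        out = get_amount_out(out, reserve_in, reserve_out)
    return out


def check_claimed_profit(claimed_wei, balance, reserves_path, cost_wei=0):
    """Compare a claimed profit with a simulated liquidation.

    Returns the naive spot valuation, the simulated swap output, the hard
    upper bound (the pool's output reserve), and whether the claim is
    feasible net of the cost paid to acquire the balance.
    """
    spot = balance
    for reserve_in, reserve_out in reserves_path:
        spot = spot_value(spot, reserve_in, reserve_out)
    simulated = liquidate_through_path(balance, reserves_path)
    upper_bound = reserves_path[-1][1]
    return {
        "spot_value_wei": spot,
        "simulated_out_wei": simulated,
        "pool_upper_bound_wei": upper_bound,
        "net_profit_wei": simulated - cost_wei,
        "claim_feasible": simulated - cost_wei >= claimed_wei,
    }


# Constructed sample pair: 1,000,000 TOKEN against 10 WETH.
SAMPLE_PATH = [(1_000_000 * WEI, 10 * WEI)]
# Constructed attacker balance: 5,000,000 TOKEN, five times the pool's reserve.
SAMPLE_BALANCE = 5_000_000 * WEI


if __name__ == "__main__":
    report = check_claimed_profit(50 * WEI, SAMPLE_BALANCE, SAMPLE_PATH)
    for key, value in report.items():
        print(f"{key}: {value / WEI if isinstance(value, int) else value}")
```

With the sample reserves the spot valuation says the balance is worth 50 ETH, while the constant-product swap returns about 8.33 ETH and can never return more than the 10 ETH sitting in the pool; a claimed profit above the output reserve of the last hop is impossible regardless of the input. Applying the same check to the real pair reserves at the fork block tells you whether a reported figure is even reachable before you look for approximation in the tool.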