DeFi vulnerability leading to $6.7M exploit ‘not detected’ by auditors

외신뉴스
2023-11-14 03:02 AM

Zhiyuan Sun5 hours agoDeFi vulnerability leading to $6.7M exploit ‘not detected’ by auditorsThe project was previously audited by Trail of Bits and Hats Finance.1187 Total views26 Total sharesListen to article 0:00NewsJoin us on social networksDecentralized U.S. dollar stablecoin protocol Raft claims that despite multiple security audits, the firm still suffered a security exploit leading to the loss of $6.7 million last week.


According to the project’s Nov. 13 post-mortem report, a few days prior, a hacker borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) on decentralized finance protocol Aave, transferred the sum to Raft, and minted 6.7 million R tokens, Raft’s stablecoin, using a smart contract glitch.


The unauthorized minted funds were then swapped off the platform through liquidity pools on decentralized exchanges Balancer and Uniswap, netting $3.6 million in proceeds. The R stablecoin depegged after the attack. 


According to the report:“The primary root cause was a precision calculation issue when minting share tokens, which enabled the exploiter to obtain extra share tokens. The attacker leveraged the amplified index value to increase the worth of their shares.”


The smart contracts exploited during the incident were audited by blockchain security firms Trail of Bits and Hats Finance. “Unfortunately, the vulnerabilities that led to the incident were not detected in these audits," Raft wrote.


The project said that since the Nov. 10 incident, it has filed a police report and is working with centralized exchanges to track down the flow of the stolen funds. All of Raft’s smart contracts are currently suspended, though users who minted R “retain the ability to repay their positions and retrieve their collateral.”


Decentralized stablecoins are minted with users’ crypto deposits as collateral. In December 2022, decentralized stablecoin HAY depegged against the U.S. dollar after a hacker took advantage of a smart contract glitch and minted 16 million HAY without proper collateral. The HAY stablecoin has since repegged, partly due to the protocol requiring a collateralization ratio of 152% at the time of the exploit as part of its risk management. We are aware of a potential security vulnerability.

We are currently investigating and will provide an update as soon as we can.— Raft (@raft_fi) November 10, 2023


Related: September becomes the biggest month for crypto exploits in 2023# Blockchain# Cryptocurrencies# SecurityAdd reactionAdd reactionRead more3 theses that will drive Ethereum and Bitcoin in the next bull marketHistory tells us we’re in for a strong bull market with a hard landingGary Gensler teases details of SEC’s $5B take from enforcement actions, shades crypto

외신뉴스
Crypto news


함께 보면 좋은 콘텐츠

All posts
Top