Opyn Hacks: Root Cause Analysis


This hack was done by calling exercise() with more than two vaults with ETH as the underlying assets. Since the implementation treats the same batch of ETH received as multiple batches of ETH receptions, the hacker re-uses that batch of ETH to retrieve the collateral USDC and make profits.


Opyn allows anyone to exercise a vault with adequate underlying assets and oTokens. By burning the oTokens and taking in the underlying assets, the OptionContracts pays out collateral assets to the caller of exercise().

Figure 1: exercise() Loops a List of Given Vaults
Figure 2: Re-using the ETH Sent into the Contract to Retrieve Collateral
Figure 3: Exploit Transaction


While dealing with ETH reception, we typically use a local variable msgValue to keep the amount of msg.value in Solidity. This allows us to calculate and book-keep how much ETH had been taken. In addition, address(this).balance could be used to check if the smart contract does have enough ETH as indicated by msg.value.

About Us

PeckShield Inc. is an industry leading blockchain security company with the goal of elevating the security, privacy, and usability of current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at telegram, twitter, or email.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store