The yDAI Incident Analysis: Forced Investment

Summary

Details

The Forced Investment Vulnerability

  1. It firstly flashloans from dYdX and AaveV2;
  2. It next performs unbalanced trades on 3pool so that the affected strategy (StrategyDAI3pool) becomes non-profitable;
  3. It then deposits DAI into yDAI vault and triggers the investment (earn()) into the non-profitable strategy, which further deteriorates the unbalanced state of 3pool;
  4. It profits from the unbalanced 3pool from the previous two steps; and
  5. It repeated the above steps to comply with imposed 0.5% slippage control in the strategy and finally pays back the flashloans in the first step. For illustration, we show below the related steps.

The Funds

About Us

--

--

--

A Blockchain Security Company (https://peckshield.com)

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

HBS tokens with cross-chain liquidity!

Richard Forrest of Hayes Connor: 5 Things You Need To Know To Optimize Your Company’s Approach to…

The Severe Importance of Device Authentication

The Math Behind The Smart Contract Audit Crisis

Zeek Network Security Monitor Tutorial: Part 1 (Setup)

Fortanix and IBM partner on Runtime Encryption to bolster Trust in Cloud Computing with the launch…

Central Bank of Argentina Prepares New Regulations for Digital Wallets

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
PeckShield

PeckShield

A Blockchain Security Company (https://peckshield.com)

More from Medium

Is High Yield DeFi Lending Doomed After BlockFi’s $100mm Settlement? Maybe Not.

DECENTRILIZED FINANCE (DeFi) SIMPLIFIED.

Crypto Bank is thrilled to announce the partnership with BitForex

Defi Motors