WarpFinance Incident: Root Cause Analysis

Summary

Details

The Hack Walk-through

  • Step 1: Take four different flashloans totaling 2.9M DAI + 344.8K WETH from dYdX and UniswapV2;
  • Step 2: Deposit the dYdX flashloan (2.9M DAI + 76K WETH) into the UniswapV2 WETH-DAI pair and mint 94.349K LP tokens in return. The minted tokens are then transferred to WarpVaultLP as collateral credited to the attacker; (Note that the current price of the LP token is 58,815,427.)
  • Step 3: Swap 341K WETH for 47.6M DAI via UniswapV2 so that DAI becomes very expensive, which in turn at least doubles the LP token price to 135,470,392;
  • Step 4: With the higher LP token price and the correspondingly higher computed collateral value, the attacker is able to borrow 3.86M DAI and 3.9M USDC from WarpFinance (valued at about $7.8 million);
  • Step 5: Return the flashloans from Step 1 to dYdX and UniswapV2.
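The effect in Step 3 can be reproduced on paper. The following is an added example, not code from PeckShield or WarpFinance: it models a constant-product pool and compares an LP valuation that trusts spot reserves with a reserve-manipulation-resistant one (the "fair LP price" formula, a mitigation not described on this page). The pool size, LP supply, reference prices and the form of the naive valuation are all constructed assumptions.

```python
from dataclasses import dataclass
from math import sqrt

FEE = 0.003  # UniswapV2 swap fee

@dataclass
class Pool:
    weth: float       # WETH reserve
    dai: float        # DAI reserve
    lp_supply: float  # LP tokens outstanding

def swap_weth_for_dai(pool: Pool, weth_in: float) -> Pool:
    """Constant-product swap; returns the pool state after the trade."""
    effective_in = weth_in * (1 - FEE)
    dai_out = pool.dai * effective_in / (pool.weth + effective_in)
    return Pool(pool.weth + weth_in, pool.dai - dai_out, pool.lp_supply)

def naive_lp_price(pool: Pool, weth_usd: float, dai_usd: float) -> float:
    """Assumed weak oracle: spot reserves valued at reference prices
    that do not move within the same transaction."""
    return (pool.weth * weth_usd + pool.dai * dai_usd) / pool.lp_supply

def fair_lp_price(pool: Pool, weth_usd: float, dai_usd: float) -> float:
    """Uses reserves only through k = weth * dai, which a swap changes
    only by the fee, so a same-block trade cannot inflate it."""
    return 2 * sqrt(pool.weth * pool.dai * weth_usd * dai_usd) / pool.lp_supply

def price_ratios(weth_in: float = 300_000.0) -> tuple[float, float]:
    """Return (naive, fair) LP price after the swap divided by before."""
    # Constructed pool: 100K WETH / 50M DAI, i.e. 500 DAI per WETH.
    before = Pool(weth=100_000.0, dai=50_000_000.0, lp_supply=1_000_000.0)
    weth_usd, dai_usd = 500.0, 1.0  # constructed reference prices
    after = swap_weth_for_dai(before, weth_in)
    naive = (naive_lp_price(after, weth_usd, dai_usd)
             / naive_lp_price(before, weth_usd, dai_usd))
    fair = (fair_lp_price(after, weth_usd, dai_usd)
            / fair_lp_price(before, weth_usd, dai_usd))
    return naive, fair

if __name__ == "__main__":
    naive, fair = price_ratios()
    print(f"naive LP price moved x{naive:.3f}, fair LP price moved x{fair:.4f}")
```

A collateral check that compares the two valuations and rejects borrows when they diverge beyond a small tolerance would stop the inflated valuation from reaching the lending logic.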

The Stolen Funds

About Us

A Blockchain Security Company (https://peckshield.com)
