WarpFinance Incident: Root Cause Analysis


This incident was caused by the protocol's reliance on an AMM-based oracle, i.e., Uniswap, to measure asset prices. After a flashloan-based price manipulation on Uniswap, the exploit allowed a disproportionate amount of DAI and USDC to be borrowed from the WarpFinance lending platform. The whole process resulted in a loss of ~$7.8 million in DAI/USDC. However, the attacker does not actually get hold of these funds, nor are they at his disposal. Instead, the LP tokens the attacker deposited as collateral are locked in WarpFinance due to an under-water borrow position.


The Hack Walk-through

  • Step 1: Take four different flashloans totaling 2.9M DAI + 344.8K WETH from dYdX and UniswapV2;
  • Step 2: Deposit the dYdX flashloan (2.9M DAI + 76K WETH) into the UniswapV2 WETH-DAI pair and mint 94.349K LP tokens in return. These minted tokens are then transferred to WarpVaultLP as collateral credited to the attacker (note that the current price of the LP token is 58,815,427);
  • Step 3: Swap 341K WETH for 47.6M DAI via UniswapV2 so that DAI becomes very expensive, which in turn at least doubles the LP token price to 135,470,392;
  • Step 4: With the higher LP token price and the correspondingly higher computed collateral value, the attacker is able to borrow 3.86M DAI and 3.9M USDC from WarpFinance (valued at about ~$7.8 million);
  • Step 5: Return the flashloans from Step 1 to dYdX and UniswapV2.
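To show why the Step 3 swap moves the collateral value, here is an added example (not PeckShield's or WarpFinance's code) that models a constant-product WETH-DAI pair with constructed reserves and a constructed external WETH price, then compares a spot-reserve LP valuation with the "fair LP" formula 2·sqrt(k·p0·p1)/totalSupply, which is invariant under swaps. The spot-reserve formula is an assumption about the vulnerable oracle pattern, not WarpFinance's exact implementation.

```python
from math import sqrt

class Pool:
    """Minimal UniswapV2-style x*y=k pair: token0 = WETH, token1 = DAI (the numeraire)."""
    FEE = 0.003  # UniswapV2 swap fee

    def __init__(self, reserve_weth, reserve_dai, total_supply):
        self.r0, self.r1, self.supply = reserve_weth, reserve_dai, total_supply

    def swap_weth_for_dai(self, amount_in):
        """Constant-product getAmountOut with the 0.3% fee; returns the DAI paid out."""
        amount_in_with_fee = amount_in * (1 - self.FEE)
        dai_out = amount_in_with_fee * self.r1 / (self.r0 + amount_in_with_fee)
        self.r0 += amount_in
        self.r1 -= dai_out
        return dai_out

def naive_lp_price(pool, ext_price_weth):
    """Vulnerable pattern (assumed): values the pair's *current* reserves at an external
    WETH price. The reserves are whatever the last swap left them, so one large swap
    that pushes WETH into the pool inflates the computed value per LP token."""
    return (pool.r0 * ext_price_weth + pool.r1) / pool.supply

def fair_lp_price(pool, ext_price_weth):
    """Manipulation-resistant pattern: 2*sqrt(k*p0*p1)/totalSupply with k = r0*r1 and p1 = 1.
    A swap moves r0 and r1 along the curve but leaves k unchanged (fees aside), so the
    result depends on the external price feed rather than on the pool's momentary balance."""
    return 2 * sqrt(pool.r0 * pool.r1 * ext_price_weth * 1.0) / pool.supply

def simulate_step3_swap(swap_weth=341_000.0):
    """Constructed scenario: 100K WETH / 60M DAI pool, 2M LP tokens, external WETH = 600 DAI.
    Returns (naive_before, naive_after, fair_before, fair_after) LP prices in DAI."""
    pool = Pool(reserve_weth=100_000.0, reserve_dai=60_000_000.0, total_supply=2_000_000.0)
    ext_price_weth = 600.0  # constructed reference price, e.g. from a TWAP or Chainlink feed
    naive_before = naive_lp_price(pool, ext_price_weth)
    fair_before = fair_lp_price(pool, ext_price_weth)
    pool.swap_weth_for_dai(swap_weth)  # the attacker-sized swap from Step 3
    naive_after = naive_lp_price(pool, ext_price_weth)
    fair_after = fair_lp_price(pool, ext_price_weth)
    return naive_before, naive_after, fair_before, fair_after

if __name__ == "__main__":
    nb, na, fb, fa = simulate_step3_swap()
    print(f"naive LP price: {nb:.2f} -> {na:.2f} ({na / nb:.2f}x)")
    print(f"fair  LP price: {fb:.2f} -> {fa:.2f} ({fa / fb:.4f}x)")
```

With these constructed numbers the reserve-based price more than doubles after the swap while the fair price moves by well under 1% (the residual comes from the swap fee adding to k).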

The Stolen Funds

Though this incident results in a ~$7.8 million loss, the attacker does not immediately benefit from it. Specifically, the attacker currently holds an under-water borrow position in WarpFinance, which still locks the 94.349K LP tokens. In the meantime, we are actively monitoring the attacker's wallet for any movement.

About Us

PeckShield Inc. is an industry-leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us via Telegram, Twitter, or email.

