Hacker drains over $20M in latest exploit
Popsicle Finance, a cross-chain decentralized finance app, and market maker was hacked in a cyberattack yesterday resulting in $20.7 million being drained from one of its liquidity pools. The hacker made off with over $20 million in various cryptocurrency tokens including around $10 million in USDC and USDT. According to an announcement on Wednesday 4th August, the exploit affected Popsicle’s UniswapV3 optimizer pool whilst other contracts were left unaffected.
Like any good tragedy story, things started off so smoothly. The protocol recently took to Twitter to celebrate the launch of its Sorbetto (UniswapV3) pool announcing that it had earned $1 million in fees for liquidity providers. Additionally announcing that they had reached a landmark $30 million in total value locked صرف تین دن میں.
Fast-forward a week and the Twitter feed tells a very different story. Furthermore, upon the announcement, the price of the platform’s native ICE token slipped over 55%. However, it does now seems to be in recovery.
کیا ہوا؟
Mundit Gupta, a member of the SushiSwap security team وضاحت کرنے کے لیے ٹویٹر لے گئے۔ in a detailed thread what had happened with a strong claim that while the hack was complex the bug in the system was simple. Moreover, avoidable. In a nutshell, Popsicle Finance doesn’t transfer the reward debt when users transfer their shares. This exposes multiple exploits, one of which was used. The main bug is that these variables are not updated when the user transfers their share to a different address. The new address is eligible to claim rewards from day zero rather than from when the user deposited their tokens. This is what the attacker did.
Mundit went on to explain further that this bug also allows the user to keep transferring the shares and claiming rewards for the same shares multiple times using different accounts. Overall stating that while this is a relatively straightforward bug but it’s surprisingly common and that the developers or auditors should have caught this in reviews. Worst of all for Mundit and the affected parties this is not the first time he has drawn attention to this flaw in the system.
It appears rather than his warning being heeded by developers it may have actually spurred on the hackers to discover more opportunities where this bug lay hidden.
To put these exploits into perspective a bit more it is always worth remembering that the world of decentralized exchanges and DeFi is merely a few years old. While the arguably most capital-efficient decentralized exchange, Uniswap V3, was only launched 3 months ago. DeFi is evolving and as such presents opportunities for those with know-how. Obviously, this is not the first major exploit of 2021 and we are certain it won’t be the last. What is perhaps most vital is how Popsicle deals with the aftermath and any reimbursements.
مندرجہ بالا سرمایہ کاری کے مشورے کی تشکیل نہیں کرتا ہے۔ یہاں دی گئی معلومات خالصتاً معلوماتی مقاصد کے لیے ہیں۔ براہ کرم مستعدی سے کام لیں اور اپنی تحقیق کریں۔ مصنف ETH، BTC، ADA، NIOX، AGIX، MANA، SAFEMOON، SDAO، CAKE، HEX، LINK، GRT، CRO، SHIBA INU، اور OCEAN میں عہدوں پر فائز ہیں۔
.mailchimp_widget {
متن کی سیدھ: مرکز
مارجن: 30px آٹو !اہم؛
ڈسپلے: فلیکس
سرحد کا رداس: 10 px؛
چھپا ہوا رساو؛
flex-wrap: لپیٹ
}
.mailchimp_widget__visual img {
زیادہ سے زیادہ چوڑائی: 100٪؛
اونچائی: 70px؛
فلٹر: ڈراپ شیڈو(3px 5px 10px rgba(0, 0, 0, 0.5))؛
}
.mailchimp_widget__visual {
پس منظر: #006cff؛
flex: 1 1 0;
بھرتی: 20PX؛
align-items: مرکز؛
justify-content: مرکز؛
ڈسپلے: فلیکس
flex-direction: column;
رنگ: #fff؛
}
.mailchimp_widget__content {
بھرتی: 20PX؛
flex: 3 1 0;
پس منظر: #f7f7f7؛
متن کی سیدھ: مرکز
}
.mailchimp_widget__content لیبل {
فونٹ سائز: 24px؛
}
.mailchimp_widget__content input[type="text"],
.mailchimp_widget__content input[type="email"] {
بھرتی: 0؛
بھرتی - بائیں 10px؛
سرحد کا رداس: 5 px؛
باکس شیڈو: کوئی نہیں؛
بارڈر: 1px ٹھوس #ccc؛
لائن اونچائی: 24px؛
اونچائی: 30px؛
فونٹ سائز: 16px؛
مارجن نیچے: 10px !اہم؛
مارجن ٹاپ: 10px اہم؛
}
.mailchimp_widget__content input[type=”submit”] {
بھرتی: 0 !اہم؛
فونٹ سائز: 16px؛
لائن اونچائی: 24px؛
اونچائی: 30px؛
مارجن-بائیں: 10px !اہم؛
سرحد کا رداس: 5 px؛
بارڈر: کوئی نہیں؛
پس منظر: #006cff؛
رنگ: #fff؛
کرسر: پوائنٹر؛
منتقلی: تمام 0.2s؛
مارجن نیچے: 10px !اہم؛
مارجن ٹاپ: 10px اہم؛
}
.mailchimp_widget__content input[type=”submit”]:hover {
باکس شیڈو: 2px 2px 5px rgba(0, 0, 0, 0.2)؛
پس منظر: #045fdb؛
}
.mailchimp_widget__inputs {
ڈسپلے: فلیکس
justify-content: مرکز؛
align-items: مرکز؛
}
@media اسکرین اور (زیادہ سے زیادہ چوڑائی: 768px) {
.mailchimp_widget {
flex-direction: column;
}
.mailchimp_widget__visual {
flex-direction: قطار
justify-content: مرکز؛
align-items: مرکز؛
بھرتی: 10PX؛
}
.mailchimp_widget__visual img {
اونچائی: 30px؛
مارجن-دائیں: 10px؛
}
.mailchimp_widget__content لیبل {
فونٹ سائز: 20px؛
}
.mailchimp_widget__inputs {
flex-direction: column;
}
.mailchimp_widget__content input[type=”submit”] {
مارجن-بائیں: 0 !اہم؛
مارجن ٹاپ: 0 !اہم؛
}
}
