Platypus auditor says $8 million exploit was caused by a contract edit that occurred after an audit, causing misordered lines and allowing for the flash loan attack
According to the report, the Platypus MasterPlatypusV4 contract “contained a fatal misconception in its emergencyWithdraw mechanism” which made it perform “its solvency check before updating the LP tokens associated with the stake position.”
The report emphasized that the code for the emergencyWithdraw function had all of the necessary elements to prevent an attack, but these elements were simply written in the wrong order, as Omniscia explained: “The issue could have been prevented by re-ordering the MasterPlatypusV4::emergencyWithdraw statements and performing the solvency check after the user’s amount entry has been set to 0 which would have prohibited the attack from taking place.”
Omnisia admitted that they audited a version of the MasterPlatypusV4 contract from Nov. 21 to Dec. 5, 2021. However, this version “contained no integration points with an external platypusTreasure system” and therefore did not contain the misordered lines of code. From Omniscia’s point of view, this implies that the developers must have deployed a new version of the contract at some point after the audit was made.
France Dernières Nouvelles, France Actualités
Similar News:Vous pouvez également lire des articles d'actualité similaires à celui-ci que nous avons collectés auprès d'autres sources d'information.
Two Avalanche (AVAX) DeFis Hacked in One DayDexible and Platypus DeFis drained by attackers; will hackers return funds to affected teams?
Lire la suite »
DeFi protocol Platypus suffers $8.5M flash loan attack, suspect identifiedA potential suspect has been identified over the $8.5 million attack on decentralized finance protocol Platypus, which saw $8.5 million drained from the protocol.
Lire la suite »
How Solvency Check Error Led to USP Depegging on Avalanche Based Platypus FinanceA flaw in a key pricing mechanism led to Platypus Finance’s USP stablecoin losing over 50% of its intended peg with U.S. dollars earlier on Friday. Here's how it happened. By shauryamalwa.
Lire la suite »
Flash loan exploit appears to be behind Platypus USD stablecoin attackThe stablecoin from PlatypusDefi, Platypus USD, suddenly dropped over 52%, and the on-chain evidence points to a flashloan exploit.
Lire la suite »
USP Stablecoin Loses Dollar Peg as DeFi Protocol Platypus Suffers $8.5M AttackA flash loan attack on DeFi protocol platypusdefi caused its Platypus USD (USP) stablecoin to fall to 48 cents from $1. The potential loss is $8.5 million, according to blockchain security firm CertiK. sndr_krisztian reports
Lire la suite »
Platypus DeFi faces flash loan attack, according to CertiKThe flash attack appears to be the same method used by Avi Eisenberg to manipulate the price of Mango Markets’ MNGO coin in October.
Lire la suite »