DeFi investment tool Earning.Farm suffers a flash loan attack, with hackers profiting over $340,000

2022-10-15 10:07:31

Collection

ChainCatcher news, according to monitoring by the Supremacy security team, the EFLeverVault contract of the DeFi investment tool Earning.Farm was subjected to two flash loan attacks. The first attack was intercepted by an MEV bot, resulting in a loss of 480 ETH for the contract; the second attack was successfully completed by the hacker, who profited 268 ETH.

After analysis, the vulnerability was caused by the contract's flash loan callback function not verifying the initiator of the flash loan, allowing the attacker to trigger the contract's flash loan callback logic: repaying the Aave stETH debt within the contract and withdrawing, then exchanging stETH for ETH. Subsequently, the attacker could call the withdraw function to withdraw all ETH balance within the contract. (source link)

Related tags

Flash Loan Earning Hacker Attack DeFi

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.