CertiK: The project Platypus on Avalanche experienced a flash loan attack on its stablecoin PUSD, resulting in a loss of approximately 9 million USD

2023-02-17 08:10:24

Collection

ChainCatcher news, according to CertiK monitoring, the project Platypus on Avalanche experienced a flash loan attack on its stablecoin Platypus USD, resulting in a total asset loss of approximately $9 million. Most of the stolen funds remain in the attacker's contract address, while some funds have been sent to EOA and AAVE pools.

The vulnerability seems to lie in the emergencyWithdraw function's validation for the MasterPlatypusV4 contract, which only fails when the borrowed assets exceed the borrowing limit. The function then continues to process the transfer of all users' deposit assets without considering the value of the assets borrowed by the users. The official Platypus Telegram channel stated that USP was subjected to a flash loan attack and is currently working to assess the situation, with all activities paused. (source link)

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.