
Avalanche Protocols Get Flash Loan Attacked

@chekohler

In today's edition of YIYL (You Invest You Lose), we take a look at one of those forked EVM chains that claimed they were going to become Ethereum killers. Man, are there a lot of these things out there, as everyone tries to push the L1 rotation thesis and the idea that they are going to be some foundational part of the internet. That is sadly not going to be the case, but investors will hodl to zero and I think that's marvelous.

If you believe in something, if you have a thesis, by all means hold it all the way down to zero, that's the noble thing to do. We all make mistakes, that's being human and once you're fully rekt, you can take the time to think, maybe I missed something here, maybe I should start laying off the hopium.

So, back to the story. The shitcoin space really is the oeff that keeps on oeffing, and Avalanche is no exception.

Gone in a flash

On Tuesday, blockchain cybersecurity firm CertiK warned users of this shitcoin that a flash loan attack had extracted $370,000 in USDC from a smart contract, as well as several liquidity providers.

https://twitter.com/CertiKAlert/status/1567314528357990401

The decentralized exchange Trader Joe, staking platform Nereus Finance and automated market maker Curve Finance are thought to have been impacted, the firm said in a tweet.

Honestly, I hate using the words exploit or hack, because that is not the case, this isn't some brute force attack. THIS is the way the protocols work, if you can run code and it works, then that's how code works.

https://twitter.com/nereusfinance/status/1567574661311102976?

The user just happened to find a way to run a command and a tactic that gave them a better return than anyone else, and more power to that person, you go Glen Coco.

Wtf is a flash loan?

A flash loan exploit is a trading strategy used against these smart contract platforms whereby a smart person does the math, borrows uncollateralized funds from a lending protocol and manipulates the price of a given asset, driving up its value.

The user then sells back the borrowed capital in the same transaction after they’ve managed to arbitrage the asset, pocketing the difference.

How did this flash loan work?

As a result of the loan from Curve, the anonymous user was able to mint 998,000 worth of Nereus' native token NXUSD against $508,000 worth of collateral. They then swapped this capital into different assets via various liquidity pools and managed to walk away with a net profit of $371,406 once the flash loan was returned.

The incident saw the creation of $500,000 of NXUSD which is seen as “bad debt” in the NXUSD protocol. The decision was to pay bad debt using NXUSD from the team’s treasury, sounds pretty decentralised. How do you have a protocol with a central team doing poor open market operations and call it decentralised, lol I guess this is gender-fluid reasoning in finance.
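The price manipulation described above, as an added Python sketch that is not from the original post and is not Nereus, Curve or Trader Joe code: a toy constant-product pool shows how one large swap inside a single transaction moves the spot price a lending contract might use to value collateral, and how checking spot against a multi-block time-weighted average rejects the inflated quote. The pool model, function names, sample prices, 80% loan-to-value and 5% deviation limit are all assumptions made for the illustration.

```python
# Added illustration; pool sizes, prices and thresholds are constructed values.
from dataclasses import dataclass

@dataclass
class Pool:
    """Toy constant-product (x*y=k) pool: collateral token vs. a USD stablecoin."""
    token: float
    usd: float

    def spot_price(self) -> float:
        return self.usd / self.token          # USD per token from current reserves

    def swap_usd_for_token(self, usd_in: float) -> float:
        k = self.token * self.usd             # invariant before the trade
        self.usd += usd_in
        token_out = self.token - k / self.usd
        self.token -= token_out
        return token_out

def twap(observations):
    """Time-weighted average of (timestamp, price) samples taken at block starts."""
    pairs = zip(observations, observations[1:])
    weighted = sum(p * (t2 - t1) for (t1, p), (t2, _) in pairs)
    return weighted / (observations[-1][0] - observations[0][0])

def mint_limit_spot(pool, collateral, ltv=0.8):
    """Weak valuation: trusts whatever the pool reserves say right now."""
    return collateral * pool.spot_price() * ltv

def mint_limit_guarded(pool, reference, collateral, ltv=0.8, max_dev=0.05):
    """Hardened valuation: refuse to price if spot strays from the reference."""
    spot = pool.spot_price()
    if abs(spot - reference) / reference > max_dev:
        raise ValueError(f"spot {spot:.2f} deviates from reference {reference:.2f}")
    return collateral * min(spot, reference) * ltv

def simulate():
    pool = Pool(token=1_000_000, usd=1_000_000)
    history = [(0, 1.00), (12, 1.01), (24, 0.99), (36, 1.00)]  # constructed samples
    reference = twap(history)
    before = mint_limit_spot(pool, 100_000)
    pool.swap_usd_for_token(1_000_000)       # one large swap inside a single transaction
    after = mint_limit_spot(pool, 100_000)   # reference unchanged: no block has passed
    try:
        guarded = mint_limit_guarded(pool, reference, 100_000)
    except ValueError as exc:
        guarded = str(exc)
    return {"reference": reference, "before": before, "after": after, "guarded": guarded}

if __name__ == "__main__":
    print(simulate())
```

The spot-based limit quadruples within the same transaction while the time-weighted reference does not move, which is why the guarded valuation refuses to mint.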

It will be different next time

According to Nereus, the exploit resulted from a “missed step” in the price calculation, which left the opportunity open to be exploited. Nereus now claims the bug was fixed and the same exploit won’t be possible a second time.

You don't get a fucking next time mate, that's not how it works. Once you bugger up once, only a small percentage of retards are going to come back for a second bite at losing their funds, but you do you.

A bounty on his head

The Nereus team, embarrassed, decided they wouldn't follow other protocols and beg the user for the funds back, instead offering anyone a fee for his capture if they can identify the hacker and track the funds. Nereus also offered a 20% White Hat reward for the return of the funds, no questions asked.

I wonder if team Binance would bother picking up the 70k, or is that too small a fee?

I sure do enjoy waking up to seeing web3 show us in real-time, that proof of work and having a native asset that is secured by something other than server requests ain't going to be secure. Some of us have learned that lesson, others are doomed to repeat the mistake.

Watching people fight gravity sure is fun.
