Flash Loan Attack on Platypus Project Contract


On February 17, Beosin EagleEye, the security risk monitoring, early warning and blocking platform of the blockchain security audit company Beosin, detected a flash loan attack on the Platypus project contract on the Avalanche chain.

Beosin's security team found that the attacker first borrowed USD 44 million through a flash loan and then called the deposit function of the Platypus Finance contract to deposit the funds, which minted an equal amount of LP-USDC for the attacker. The attacker then staked all of the LP-USDC into pool 4 of the MasterPlatypusV4 contract and called the positionView function, which uses the _borrowLimitUSP function to calculate the loanable balance. The _borrowLimitUSP function returns a percentage of the value of the items staked in MasterPlatypusV4 as the maximum loanable limit. The attacker used that return value to mint a large amount of USP through the borrow function, which is where the profit came from.

Because the attacker carried a large USP debt borrowed against the LP-USDC, normal logic should not have allowed the staked items to be withdrawn. However, the check in the emergencyWithdraw function of the MasterPlatypusV4 contract is flawed: it only tests whether the user's borrowed amount exceeds the user's borrowLimitUSP (borrowing limit), without checking whether the user has repaid the debt. This allowed the attacker to withdraw the collateral (44 million LP-USDC). After repaying the 44 million USDC flash loan, the attacker still had 41,794,533 USD left, which the attacker then converted into various stablecoins worth 8,522,926 USD.

Beosin: Analysis of the attack event that the Platypus project on Avalanche chain lost US $8.5 million

Analysis based on this information:


According to Beosin EagleEye security risk monitoring, the Platypus project contract on the Avalanche chain was attacked on February 17. The attack was executed through a flash loan: the attacker first borrowed USD 44 million and then called the deposit function of the Platypus Finance contract, which minted an equal amount of LP-USDC for the attacker. The attacker then staked all of the LP-USDC into pool 4 of the MasterPlatypusV4 contract and called the positionView function, which calculates the loanable limit using the borrowLimitUSP function.

Interestingly, since the attacker had a large amount of debt (USP) borrowed against the LP-USDC, it should not have been able to withdraw the staked items under normal logic. However, the check in the emergencyWithdraw function of the MasterPlatypusV4 contract had a problem. It only detected whether the user's borrowed amount exceeded their borrowLimitUSP (borrowing limit), without checking whether the user had repaid the debt. This allowed the attacker to withdraw the collateral, and after repaying the USD 44 million flash loan, the attacker still had USD 41,794,533 left.
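The flawed check and a hardened version, as an added example that is not Platypus contract code: a simplified Python model of the stake, borrow and emergency-withdraw accounting described above. Every name in it and the 95% borrow limit are assumptions made for illustration.

```python
# Added illustration: a simplified model of the accounting in the report.
# Every name and the 95% limit are assumptions, not Platypus contract code.
from dataclasses import dataclass

BORROW_LIMIT_BPS = 9_500  # assumed share of staked value that may be borrowed


class Rejected(Exception):
    """A check refused the operation."""


@dataclass
class Position:
    staked_lp: int = 0  # LP-USDC staked as collateral
    usp_debt: int = 0   # USP minted against that collateral

    def borrow_limit(self, staked=None) -> int:
        staked = self.staked_lp if staked is None else staked
        return staked * BORROW_LIMIT_BPS // 10_000

    def borrow(self, amount: int) -> None:
        if self.usp_debt + amount > self.borrow_limit():
            raise Rejected("borrow exceeds limit")
        self.usp_debt += amount

    def repay(self, amount: int) -> None:
        self.usp_debt -= min(amount, self.usp_debt)

    def emergency_withdraw(self, hardened: bool) -> int:
        if hardened:
            # Evaluate the limit on what remains after withdrawal (nothing),
            # so any outstanding debt blocks the exit.
            if self.usp_debt > self.borrow_limit(staked=0):
                raise Rejected("repay USP debt before withdrawing collateral")
        elif self.usp_debt > self.borrow_limit():
            # Check as described in the report: measured against collateral
            # that is about to leave, so a position at its limit passes.
            raise Rejected("position over its borrow limit")
        released, self.staked_lp = self.staked_lp, 0
        return released


def simulate(hardened: bool, deposit: int = 44_000_000):
    """Stake, borrow to the limit, then try the emergency exit."""
    pos = Position(staked_lp=deposit)
    pos.borrow(pos.borrow_limit())
    try:
        released = pos.emergency_withdraw(hardened)
    except Rejected:
        released = 0
    return released, pos.staked_lp, pos.usp_debt
```

With the flawed check the model releases all collateral while the debt stays on the books; with the hardened check the collateral stays locked until the debt is repaid.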

In the final phase of the attack, the attacker converted the USD profit into various stablecoins worth USD 8,522,926. This incident highlights the importance of robust security mechanisms and the need to constantly update them to protect against emerging threats like flash loan attacks.

Furthermore, the incident also underscores the need for cryptocurrency exchanges and platforms to have multi-layered security frameworks and invest in blockchain security audit companies like Beosin to stay ahead of the curve. The flash loan attack on the Platypus Project Contract is a significant reminder that blockchain-based systems are still prone to exploitation if left unsecured.

In conclusion, the flash loan attack on the Platypus Project Contract highlights the need for robust security measures in the blockchain ecosystem. As blockchain technology continues to gain prominence and disrupt traditional sectors, multidimensional security measures will play a crucial role in safeguarding digital assets and preventing large-scale financial losses.
