A Code4rena 'warden' reviewing the DittoETH platform discovered that an attacker could mint massive amounts of tokens by forcing token prices to diverge from their oracle prices, leading to excessive profits and compromising the protocol's ability to survive.
The vulnerability was discovered by Code4rena warden あああああ and was initially not believed by the DittoETH team until further evidence was presented.
The exploit was related to a faulty mechanism for distributing 'discount fees' to depositors in DittoETH's yDUSD vault. These fees are newly minted tokens paid out during times of market stress to incentivize liquidity providers.
The vulnerability has been removed through mitigation in a newer test version of DittoETH, meaning it will not be added to the production version.
Code4rena is a crowd-sourced auditing platform where 'wardens' compete to discover vulnerabilities in Web3 protocols in exchange for prize money, without hosting 'bug bounty' style competitions.
Source: https://cointelegraph.com/news/code4rena-discount-fee-exploit-defi