Friday, November 15 2024

Euler Finance Flash Loan Exploit: Vulnerability Remained On-Chain for 8 Months

Omniscia, the auditing partner of Euler Finance, has released a post-mortem report on the exploit. It states that the vulnerability exploited by the malicious hackers originated in the decentralized finance lending protocol’s incorrect donation mechanism, which failed to account for the donor’s debt health.

The vulnerable code was introduced in eIP-14, which brought about several modifications throughout the Euler ecosystem. It enabled the attacker to create an over-leveraged position and liquidate it themselves in the same block by artificially causing it to go “under-water,” said the firm in a statement.
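The missing check described above, shown as a simplified model. This is an added example, not Euler's contract code and not taken from Omniscia's report; the `Account` and `Pool` classes, the "collateral must cover debt" health rule and all numbers are assumptions made for illustration.

```python
from dataclasses import dataclass


class HealthCheckFailed(Exception):
    """The operation would leave the account's debt under-collateralised."""


@dataclass
class Account:
    collateral: int  # value of the account's deposits (constructed units)
    debt: int        # value of the account's outstanding borrows

    def is_healthy(self) -> bool:
        # Assumed rule for this model: deposits must cover debt.
        return self.collateral >= self.debt


class Pool:
    def __init__(self) -> None:
        self.reserves = 0

    def donate(self, acct: Account, amount: int, check_health: bool) -> None:
        """Move collateral into reserves. check_health=False models the flaw:
        the donor's debt health is never evaluated after the donation."""
        if not 0 < amount <= acct.collateral:
            raise ValueError("invalid donation amount")
        after = Account(acct.collateral - amount, acct.debt)
        if check_health and not after.is_healthy():
            raise HealthCheckFailed(f"donating {amount} leaves debt {acct.debt} uncovered")
        acct.collateral -= amount
        self.reserves += amount


def try_donation(check_health: bool, collateral: int, debt: int, amount: int):
    """Return (accepted, healthy_afterwards, reserves) for one donation."""
    pool, acct = Pool(), Account(collateral, debt)
    try:
        pool.donate(acct, amount, check_health)
        accepted = True
    except HealthCheckFailed:
        accepted = False
    return accepted, acct.is_healthy(), pool.reserves


if __name__ == "__main__":
    # Constructed position: 1200 collateral backing 1000 debt, donating 500.
    print("no health check:  ", try_donation(False, 1200, 1000, 500))
    print("with health check:", try_donation(True, 1200, 1000, 500))
```

Without the check, the donation is accepted and the account ends up under-water by its own action; with the check, the same call is rejected and the state is unchanged.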

  • The feature at the center of the vulnerability was not in the scope of any audit conducted by Omniscia.
  • An outside audit was responsible for reviewing the vulnerable code, which was later approved.
  • However, the vulnerability was not discovered as part of that audit and remained on-chain for eight months until it was exploited on March 13th, despite a $1 million bug bounty being in place.
  • The flawed eToken module has been disabled, blocking deposits and the vulnerable donation function.
  • Following the attack, the DeFi protocol said it is working with various security groups to perform audits and has also tapped law enforcement agencies to recover the funds.

“We are devastated by the effect of this attack on Euler protocol users and will continue to work with our security partners, law enforcement, and the broader community to resolve this as best we can. Thank you so much for your support and encouragement.”
