Wault Finance suffered a flash loan attack resulting in losses of approximately $888,000, and WUSD minting was temporarily disabled as an initial safeguard.
Flash Loan Attack
Wault Finance, a decentralized finance (DeFi) protocol, became the latest victim of a flash loan attack that stole $888,000.
PeckShield, a leading audit firm, first identified the flash loan exploit transaction on August 4th, according to its official Tweet. The firm later identified the flawed stake() function in an updated thread.
That function allowed for the balance of the USDT/WEX liquidity to be manipulated. The $WEX token tumbled to about half of its value prior to the exploit before slightly recovering.
“The attacker repeats stake() 68 times. Each time the WUSDMaster is coded (forced) to swap 10% of the staked USDT (250K) into WEX via the imbalanced USDT_WEX pair, which becomes even [more] skewed,” stated the detailed post mortem via the Tweet thread. The Tweet went on to explain that, “At the end, the attacker makes a reverse swap from WEX to USDT for profit.”
The hacker was able to repeatedly utilize flash loans and the compromised stake() function to artificially inflate the WEX price. This was done through manipulating the balance of tokens in the WEX/USDT pool.
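The price effect described above, modelled as an added example (not code from Wault Finance or PeckShield): a constant-product pool receives 68 forced buys of 10% of each stake, first unguarded and then with a hypothetical price-deviation check of the kind a stake() function could apply before swapping. The pool reserves, the fee, the 5% limit and the reading of 250K as the per-call stake are assumptions; the names Pool, quote_buy and run_stakes are illustrative.

```python
"""Added illustration: forced buys inside stake() against a spot AMM price."""
from dataclasses import dataclass

FEE = 0.002           # assumed pool swap fee (constructed)
STAKE_USDT = 250_000  # per-call stake, as read from the quoted thread
SWAP_SHARE = 0.10     # share of each stake swapped into WEX (from the thread)
CALLS = 68            # number of stake() calls (from the thread)


@dataclass
class Pool:
    """Constant-product (x * y = k) USDT/WEX pair with constructed reserves."""
    usdt: float
    wex: float

    def price(self):
        """Spot price of one WEX in USDT."""
        return self.usdt / self.wex

    def quote_buy(self, usdt_in):
        """Return (wex_out, spot price after the swap) without changing reserves."""
        eff = usdt_in * (1 - FEE)
        wex_out = self.wex * eff / (self.usdt + eff)
        return wex_out, (self.usdt + usdt_in) / (self.wex - wex_out)

    def buy(self, usdt_in):
        """Execute the swap and update the reserves."""
        wex_out, _ = self.quote_buy(usdt_in)
        self.usdt += usdt_in
        self.wex -= wex_out


def run_stakes(pool, max_dev=None):
    """Replay CALLS forced buys; return (accepted calls, final/reference price).

    max_dev is a hypothetical guard: a stake is rejected when its swap would
    leave the spot price more than max_dev above the reference price. The
    reference is the starting price, standing in for a TWAP or oracle.
    """
    ref = pool.price()
    accepted = 0
    for _ in range(CALLS):
        usdt_in = STAKE_USDT * SWAP_SHARE
        _, after = pool.quote_buy(usdt_in)
        if max_dev is not None and after / ref - 1 > max_dev:
            break  # a contract would revert the stake here
        pool.buy(usdt_in)
        accepted += 1
    return accepted, pool.price() / ref
```

With these constructed reserves, the unguarded run accepts all 68 calls and ends with the spot price well above the reference, while the guarded run stops after a handful of calls and keeps the price inside the limit.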
Wault Finance Addresses the Exploit
The team took preventive action an hour after the initial red flags, shutting down WUSD minting. This was announced in a Twitter thread which detailed a basic post mortem of the event.
It was later found that only the USDT/WEX pool had been compromised via the WEX contract, according to a Wault Finance Tweet. The vulnerability was contained after all WEX was drained from the contract, resulting in a loss of $888,000.
The Wault Finance community was shaken by this sudden news because the contracts were audited by reputable cybersecurity companies.
Reparative Action by Wault Finance
The team has taken steps to remedy and minimise the impact of the exploit. In the Twitter thread published by Wault they outlined 3 steps that will be taken:
The buying back of $WEX will, to an extent, stabilize the price. However, the negative impact of this exploit might leave irreparable damage.
The two audit companies, CertiK and Hacken, are highly regarded, and it goes to show that audit firms are susceptible to human flaws as well. PeckShield was not one of the auditing companies but was the first to report on the incident.
Balancing Risk and Reward
Most exploits have taken place on platforms offering DeFi services. New platforms are attractive investment opportunities because they have not yet realized their full potential.
This reward will often come with certain risks. Existing platforms that have stood the test of time have a reduced risk of potential exploits.
Apart from counting on audits by professionals, proper risk allocation by investors is also important.
Source: bsc.news