Oracle exploited by staking TRB and setting the oracle price
https://twitter.com/BlockSecTeam/status/1621043757390123008
https://twitter.com/peckshield/status/1620917292514299904
https://twitter.com/akshaysrivastv/status/1621024859966050305
https://akshaysrivastav.hashnode.dev/culprit-behind-the-120-million-bonq-attack
https://twitter.com/ggballas/status/1632682565231431685
Days in Operation:
Bonq is an over-collateralized lending platform that lets other projects borrow against their own tokens. Users lock up custom project tokens (such as WALBT) in a Bonq smart contract (called a trove) and mint BEUR, a stablecoin pegged to the Euro. The BonqDAO protocol prices that collateral using Tellor (WeAreTellor), a decentralized oracle protocol that incentivizes permissionless data reporting and data validation. In short, anyone can report off-chain data to Tellor oracles, and any on-chain contract can consume that data; in other words, anyone can report any value as the price of a token. The only requirement to become a reporter is to stake 10 TRB tokens (the Tellor protocol token). If a reporter submits an incorrect price, their staked amount (10 TRB) is slashed. Because Bonq consumed the latest reported value directly, a single malicious report was enough to change the value of all ALBT collateral.
By staking only 1000 TRB tokens, the exploiter was able to report an inflated ALBT price to the oracle and mint large amounts of BEUR against that collateral: over 100m BEUR in total. The BEUR was then swapped for other tokens on Uniswap. The reported price was then pushed down to almost zero, which triggered the liquidation of the ALBT troves.
The attacker then withdrew the illicit gains: 113.8m WALBT and 98m BEUR (valued at more than $10M). Estimates of the exploit value range from a low of $5M to $120M, depending on how the BEUR and ALBT tokens are valued.
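The consumer-side controls that blunt this class of attack (reading only values that have survived a dispute window, and refusing to act on a price that jumps far from the last accepted one) are illustrated below in an added Python model. This is example code written for this entry, not Bonq's or Tellor's contracts; the feed, the 900-second delay, the 50% deviation bound and the price timeline are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Report:
    value: int       # price, fixed-point with 18 decimals (constructed units)
    timestamp: int   # unix seconds
    disputed: bool = False

class PermissionlessFeed:
    """Minimal model of a Tellor-style feed: any staked reporter may push a value."""
    def __init__(self):
        self.reports = []

    def submit(self, value, timestamp):
        self.reports.append(Report(value, timestamp))

    def latest(self):
        return self.reports[-1]

    def before(self, ts):
        # Newest undisputed report strictly older than ts.
        for r in reversed(self.reports):
            if r.timestamp < ts and not r.disputed:
                return r
        return None

def naive_price(feed):
    # Trusts whatever was reported last: one fresh report moves all collateral value.
    return feed.latest().value

def hardened_price(feed, now, last_good, delay=900, max_dev_bps=5000):
    # Only use reports old enough to have cleared the dispute window, then
    # reject values that deviate more than max_dev_bps (basis points) from the
    # last accepted price, so minting/liquidation pauses instead of proceeding.
    r = feed.before(now - delay)
    if r is None:
        raise ValueError("no report has cleared the dispute window")
    dev_bps = abs(r.value - last_good) * 10_000 // last_good
    if dev_bps > max_dev_bps:
        raise ValueError("price moved %d bps; refusing to act" % dev_bps)
    return r.value

def scenario():
    # Constructed timeline: two honest reports, then one inflated report.
    feed = PermissionlessFeed()
    honest = 1 * 10**16              # 0.01 EUR per token (constructed)
    feed.submit(honest, 0)
    feed.submit(honest, 600)
    feed.submit(honest * 500, 1000)  # a single reporter pushes the price 500x
    return feed, honest
```

Once the inflated report is disputed, `before()` skips it and the hardened consumer falls back to the last honest value.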
DISCLAIMER: While web3rekt has used its best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of the information and data herein, and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages arising from any or all usage of the data and information derived from this database.