top of page
link.png

ID:

elasticswap-1355

blob_404.png

Date:

Status:

Incident Count:

December 13, 2022

Verified

2

info.png
REKT

Contributor:

chain.png

web3rekt.com

KYC By:

KYC:

None

info.png
50 pts

Audit By:

Audits:

None

Loss Amount:

567,329

info.png

Recovered:

510,596

Rewards:

Ticker:

USD, AMPL, USDC

info.png
100 pts each

ElasticSwap is an all new AMM focused on elastic supply tokens. The project was exploited for approx. 523 ETH.

Flash loans was utilized to manipulate price and the root cause is due to the mix/misuse of two accounting systems. For addLiquidity, it uses the internal accounting system, e.g., uses a constant K value algorithm; while for removeLiquidity, it calculates the tokens to return with the token-balance-based accounting system and reduces the internal accounting reserves.

The attacker first adds liquidity and transfers a certain amount of $USDC.e into the TIC-USDC pool, at which point the amount of USDC.e to be transferred to the attacker is multiplied by the number of LP tokens, then the attacker removes liquidity to make a profit.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.

bottom of page