Does not handle flashloans of ERC677 tokens properly
Days in Operation:
FilDA is a highly secure decentralized digital asset banking platform. Huobi ECO Chain (HECO) and IoTeX provide a safe and secure environment with fast transactions and low fees. An exploit was orchestrated by an attacker on FilDA-ESC resulting in a lost of $1.677M of various stablecoins.
The root cause of this issue is that the protocol does not handle flashloans of ERC677 tokens properly.
Identified attack path was:
1. The underlying token is borrowed via a flashloan.
2. The borrowed token is then deposited into the protocol via the callback function, which is controlled by the attacker. Lots of extra fTokens are minted at this step.
3. The borrowed token is returned to the protocol via a flashloan callback, but lots of fTokens are left to the attacker.
4. Most of the cash in the lending pool is redeemed.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.