Rewards - Bug Bounties
As the result of two transactions which sandwich the victim transaction in the middle, where the victim transaction is the harvest function.
Days in Operation:
Whitehat Wen-Ding Li reported a vulnerability in Mushrooms Finance classified as “high” to Immunefi on April 27. The vulnerability was a theft of yield, but the attack was not a flash loan. Rather, the attack was an MEV (miner-extractable value) attack with flash bots, which is similar but distinct from a flash loan.
Regrettably, the vulnerability was exploited twice (block 12312954 (~0.0345 eth) and block 12319752 (~0.0504 ETH)) prior to Wen-Ding Li’s report, leading to a loss of ~$222 in total. Mushrooms Finance has since patched the vulnerability. If this attack had not been mitigated swiftly by Mushrooms, it would have been repeatable.
Theft of yield vulnerabilities occur when an attacker finds a way to steal the yield (not original user funds) generated from some on-chain financial activity like staking.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.