ID: pods-finance-1137

Date: June 25, 2021

Status: Near-Miss

Incident Count: 1

Contributor: web3rekt.com

KYC By:

KYC: None

Audit By:

Audits: None

Loss Amount: -

Recovered: -

Rewards: 4,000

Currency: USD

Key Indicators

Platform: Ethereum

Type: Protocol

Category: Derivatives

Method: Rewards - Bug Bounties

Data Sources:

Extended Method: Logic error in reward calculation allowing a malicious attacker to claim rewards owed to other users and drain the entire contract.

Days in Operation: 860 (2.36 Years)

Pods Finance develops a decentralized protocol intended to hedge crypto using decentralized finance. The company's platform offers tailor-made DeFi options, put options, and call options, helping users hedge crypto and protect a portfolio with the Pods protocol.

Whitehat Csanuragjain submitted a vulnerability to Immunefi regarding Pods Finance. The vulnerability was given a severity rating of “high”, as it is a logic error that allows for theft of yield or abuse of the rewards system on the protocol. The contract was not deployed on mainnet, so there were no funds at risk. Pods Finance received the report, evaluated it, and paid out $4,000 USDC to the whitehat in just 13 minutes, winning the award by far for the fastest ever bug bounty response and pay-out on Immunefi.

Pods Finance has a rewards system that mints rewards for users who issue options, but the reward calculation logic itself, present in both AavePodPut.sol and AavePodCall.sol, allows a malicious attacker to claim rewards owed to other users and drain the entire contract.
