Days in Operation:
AngoraDefi reported that over $8.2 million were drained due to a vulnerability in Starstream's distributor treasury contract. SlowMist (https://twitter.com/SlowMist_Team/status/1512482679660245000?s=20&t=stygd_MwbsW0aBElMHUr7Q) investigated and reported the following findings:
WithdrawTokens function in the StarstreamTreasury contract can only be called by the owner to withdraw the reserves in the contract. On 4/7/22 @ 11:58:24 PM +8UTC, ownership of the StarstreamTreasury contract was transferred to a new DistributorTreasury contract (0x6f. . 25).
The execute function in the new DistributorTreasury contract had a bug that allowed any user to make external calls through this function. The hacker used this function to call the withdrawTokens function to withdraw 532,571,155.859 stars stored in the contract.
The stolen #STARS were used as collateral on Agora DeFi to borrow funds. Part of the borrowed funds was then used to increase the price of STARs to increase their collateral.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.