Days in Operation:
100 pts each
Thoreum Finance announed that multiple farms their native tokens were exploited all the way to $0.00. KetchupSwap, Lokum, YBear, Piggy, CaramelSwap. Sadly enough GoCerberus and Garuda were exploited as well. All non-native funds in our contracts are safe, and you are able to withdraw them without a problem. The exploit limits itself specifically to the native token only, and when executed it allowed the exploiter to amplify their rewards by a massive amount to effectively mint as many tokens as they want. The exact value stolen through the hack is still unclear. However, potentially the hacker got away with an amount of money comparable to the market cap of each of these projects. The GARUDA token has a market cap of around $2 million, while CERBERUS was closer to $4 million. Add the other farms, and we’re probably looking at a $10 million exploit. Ultimately this gave space for the hacker to exploit the contract. Because the MasterChef contract was never designed to compare user balances and pool balances, users were able to generate so many tokens in a single harvest that they could instantly empty the pool. Basically, the hacker could generate thousands of tokens, even if there was only one token in the pool. This happened to GarudaSwap, Cerberus, KetchupSwap, and all others.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.