Omniscia, the auditing partner of Euler Finance, has released a post-mortem report on the incident. It states that the vulnerability exploited by the malicious hackers originated from the decentralized finance lending protocol's incorrect donation mechanism, which did not account for the donor's debt health.
The vulnerable code introduced in eIP-14 led to a number of changes throughout the Euler ecosystem. This enabled the attacker to create an over-leveraged position and liquidate it themselves in the same block by artificially causing it to go "under-water," the firm said in a statement.
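The missing check described above can be shown with a toy accounting model. This is an added example, not code from Euler or from Omniscia's report; the class, the function names, the collateral factor and all numbers are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

class HealthCheckFailed(Exception):
    """Raised when an operation would leave the account under-collateralised."""

@dataclass
class Account:
    collateral: float  # value of deposit tokens held (constructed units)
    debt: float        # value of outstanding borrow (constructed units)

    def health(self, collateral_factor: float = 0.9) -> float:
        # Risk-adjusted collateral divided by debt; below 1.0 is liquidatable.
        if self.debt == 0:
            return float("inf")
        return self.collateral * collateral_factor / self.debt

def donate_unchecked(acct: Account, reserves: float, amount: float) -> float:
    """Flawed shape: removes the donor's collateral, ignores the donor's debt."""
    if amount > acct.collateral:
        raise ValueError("insufficient balance")
    acct.collateral -= amount
    return reserves + amount

def donate_checked(acct: Account, reserves: float, amount: float) -> float:
    """Hardened shape: same transfer, followed by the health check that any
    collateral-reducing operation needs; state is rolled back on failure."""
    before = acct.collateral
    reserves_after = donate_unchecked(acct, reserves, amount)
    if acct.health() < 1.0:
        acct.collateral = before  # emulate a transaction revert
        raise HealthCheckFailed("donation would make the position liquidatable")
    return reserves_after

def demo():
    # Constructed numbers: a leveraged but healthy position (health 1.125).
    a = Account(collateral=1000.0, debt=800.0)
    donate_unchecked(a, 0.0, 200.0)  # position is now "under-water"
    b = Account(collateral=1000.0, debt=800.0)
    try:
        donate_checked(b, 0.0, 200.0)
        rejected = False
    except HealthCheckFailed:
        rejected = True
    return a.health(), b.health(), rejected
```
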
- The feature at the center of the vulnerability was not within the scope of any audit conducted by Omniscia.
- An outside audit was responsible for reviewing the vulnerable code, which was later approved.
- However, the vulnerability was not discovered as part of that audit and remained on-chain for eight months until it was exploited on March 13th, despite a $1 million bug bounty in place.
- The flawed etoken module has been disabled to block deposits and the vulnerable donation function.
- Following the attack, the DeFi protocol revealed that it is working with various security groups to perform audits and has also tapped law enforcement agencies to recover the funds.
“We’re devastated by the impact of this attack on Euler protocol users and will continue to work with our security partners, law enforcement, and the broader community to resolve this as best we can. Thank you so much for your support and encouragement.”