Hdr_About.jpg

Detail Analysis

link.png

Date:

Status:

Count:

Contributor:

April 12, 2022

info.png

Verified

1

zerofriction.io

Loss Amount:

1,677,000

info.png

Recovered Amount:

-

Currency:

Dollars, USDC, HUSD, BUSD, BTC, ETH

KYC By:

Audit By:

None

Certik, FairyProof, PeckShield, SlowMist

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Elastos Sidechain

Protocol

Lending

Contract Vulnerabilities

Extended Method:

Does not handle flashloans of ERC677 tokens properly

Data Sources:

info.png

FilDA is a highly secure decentralized digital asset banking platform. Huobi ECO Chain (HECO) and IoTeX provide a safe and secure environment with fast transactions and low fees. An exploit was orchestrated by an attacker on FilDA-ESC resulting in a lost of $1.677M of various stablecoins.

The root cause of this issue is that the protocol does not handle flashloans of ERC677 tokens properly.

Identified attack path was:

1. The underlying token is borrowed via a flashloan.
2. The borrowed token is then deposited into the protocol via the callback function, which is controlled by the attacker. Lots of extra fTokens are minted at this step.
3. The borrowed token is returned to the protocol via a flashloan callback, but lots of fTokens are left to the attacker.
4. Most of the cash in the lending pool is redeemed.

info.png

DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.