Hdr_About.jpg

Detail Analysis

link.png

Date:

Status:

Count:

Contributor:

July 23, 2021

info.png

Verified

4

zerofriction.io

Loss Amount:

8,000,000

info.png

Recovered Amount:

-

Currency:

Dollars, ALCX, XRUNE, USDC, SUSHI, YFI, USDT

KYC By:

Audit By:

None

Certik

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Thorchain

Protocol

Dexes

Contract Vulnerabilities

Extended Method:

Contract vulnerabilities

Data Sources:

info.png

THORChain (RUNE), a decentralized cross-chain transaction protocol, said it was attacked again, and many ERC20 tokens including XRUNE were affected. Thorchain told CoinDesk a whitehat hacker deployed a custom contract that was able to trick its Bifrost Protocol into receiving a deposit of fake assets. Not long ago, THORChain updated Eth Bifrost to allow the routing contract to be "encapsulated" by the contract. The attacker uses this to send a transaction with msg.value = 200 ETH and immediately uses the contract to transfer it back to itself, while Bifrost will report msg. value = 200 instead of depositAmount = 0, so as to realize the profit of calling the routing contract with the amount of 0 ETH. The attack was very restrained eluding that the attacker may be a whitehat hacker.

info.png

DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.