Flash loan attack
Hao, an engineer at DeBank, tweeted that an attacker was able to fool the Balancer system into thinking he was owed a significant portion of the COMP tokens stored in the decentralized exchange’s pool. The attack involved flash loans from both dYdX and Uniswap. The hacker loaned more than $33 million that was used to generate cTokens representing ownership in a Compound pool. The attacker then transferred the cTokens to a Balancer pool. This triggered Compound into distributing the COMP accrued by the pool during its normal operation. The hacker then forced Balancer to update the pool’s balance, which at this point included all of the flash loaned money. The system thus believed that the hacker was entitled to a significant share of the pool’s COMP, despite not having held any money previously. A call to withdraw the COMP and exchange it to ETH completed the hack, which netted a relatively small sum of about 10 COMP, worth $2,300.
DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.