Feb 18, 2023
$8M Platypus Attack Caused by Misordered Code
The recent $8m Platypus flash loan attack has been the subject of much speculation. Now, an audit report from Omniscia has shed light on the exploit, revealing that the attack was made possible because of code written in the wrong order.
The audit team claims that the MasterPlatypusV4 contract contained a fatal misconception in its emergencyWithdraw mechanism. The code for the emergencyWithdraw function had all of the necessary elements to prevent an attack, but the order in which they were written was incorrect. This allowed the attacker to exploit the contract.
Omniscia audited a version of the MasterPlatypusV4 contract from Nov. 21 to Dec. 5, 2021. However, this version did not contain the misordered lines of code. This implies that the developers must have deployed a new version of the contract at some point after the audit was made.
The report highlights lines 582-584 of the contract at Avalanche (AVAX) C-Chain address 0xc007f27b757a782c833c568f5851ae1dfe0e6ec7, which call a function called “isSolvent” on the PlatypusTreasure contract. Lines 599-601 appear to set the user’s amount, factor, and rewardDebt to zero. However, these amounts are set to zero after the “isSolvent” function has already been called.
The Platypus team confirmed on Feb. 16 that the attacker exploited a “flaw in [the] USP solvency check mechanism”, but the team did not initially provide further detail. This new report from the auditor sheds further light on how the attack was able to be accomplished.
The Platypus team has attempted to contact the hacker and get the funds returned in exchange for a bug bounty. The attacker used flashed loans to perform the exploit, which is similar to the strategy used in the Defrost Finance exploit of Dec. 25.
The attack has highlighted the need for more secure code when it comes to developing smart contracts for NFTs and other crypto-assets. Developers must ensure that the necessary elements are in place to prevent attacks, and that they are written in the correct order.
In addition, the attack has also highlighted the need for better NFT marketing and promotion. As the demand for NFTs grows, so too does the need for effective NFT marketing and promotion. Companies must ensure that they are using the right strategies to promote their NFTs, such as Twitter NFT marketing and NFT marketing agencies. They must also ensure that they are selling their NFTs in the most effective way possible.
The Platypus attack has been a stark reminder of the importance of secure code and effective NFT marketing and promotion. Companies must ensure that they are taking the necessary steps to protect their assets and promote their NFTs in the most effective way possible.
Disclaimer: All investment or financial opinions expressed by MoonLanding Media are not recommendations and are intended for entertainment purposes only. Do your own research prior to making any kind of investment. This article has been generated based on trending topics, has not been fact checked and may contain incorrect information. Please verify all information before relying on it.
