Feb 19, 2023

$8M Platypus Attack Caused by Misordered Code

The recent attack on the $8m Platypus flash loan has been linked to a coding error, according to a post mortem report from Platypus auditor Omniscia. The auditing company claims the problematic code wasn’t present in the version they saw.

The report from the auditor stated that the Platypus MasterPlatypusV4 contract “contained a fatal misconception in its emergencyWithdraw mechanism” which made it perform “its solvency check before updating the LP tokens associated with the stake position.” The code for the emergencyWithdraw function had all of the necessary elements to prevent an attack, but these elements were simply written in the wrong order, as Omniscia explained.

Omniscia audited a version of the MasterPlatypusV4 contract from Nov. 21 to Dec. 5, 2021, but the version “contained no integration points with an external platypusTreasure system” and therefore did not contain the misordered lines of code. This implies that the developers must have deployed a new version of the contract at some point after the audit was made.

The auditor claims that the contract implementation at Avalanche (AVAX) C-Chain address 0xc007f27b757a782c833c568f5851ae1dfe0e6ec7 is the one that was exploited. Lines 582-584 of this contract appear to call a function called “isSolvent” on the PlatypusTreasure contract, and lines 599-601 appear to set the user’s amount, factor, and rewardDebt to zero. However, these amounts are set to zero after the “isSolvent” function has already been called.

The Platypus team confirmed the attack on Feb. 16, but didn’t provide further detail. The auditor’s report sheds further light on how the attacker may have been able to accomplish the exploit. The team has attempted to contact the hacker and get the funds returned in exchange for a bug bounty. The strategy used in the attack is similar to the strategy used in the Defrost Finance exploit of Dec. 25.

The incident has raised questions about the security of NFTs and the need for better NFT marketing and promotion. NFTs are digital assets that are stored on the blockchain and they can be used to represent a variety of digital assets such as art, music, and collectibles. As the popularity of NFTs has grown, so has the need for effective NFT marketing and promotion.

NFT marketing agencies are popping up to help NFT creators and projects promote their projects and create awareness. These agencies specialize in NFT promotion and marketing, and they provide services such as Twitter NFT marketing, NFT marketing campaigns, and NFT promotion.

In addition to NFT marketing agencies, there are also web3 agencies that specialize in helping projects build their web3 presence. These agencies provide services such as building and deploying smart contracts, creating NFTs, and helping projects sell NFTs.

The Platypus incident is a reminder of the importance of security and the need to ensure that code is written correctly. It’s also a reminder of the need for NFT marketing and promotion to help projects create awareness and increase the visibility of their projects. With the right NFT marketing strategies, projects can increase their chances of success and make sure that their projects are successful.

Disclaimer: All investment or financial opinions expressed by MoonLanding Media are not recommendations and are intended for entertainment purposes only. Do your own research prior to making any kind of investment. This article has been generated based on trending topics, has not been fact checked and may contain incorrect information. Please verify all information before relying on it.