Feb 19, 2023
$8M Platypus Attack Exploited Misordered Code
The recent $8m Platypus flash loan attack has been attributed to a coding error, according to a post mortem report from Platypus auditor Omniscia. The audit company claims the misordered code was not present in the version they originally saw.
Omniscia reported that the Platypus MasterPlatypusV4 contract was the source of the issue. The contract had the necessary elements to prevent an attack, but the code was written in the wrong order. The auditor explained that the solvency check should have been performed after the user’s amount entry was set to zero, which would have prohibited the attack from taking place.
The auditor also noted that the version of the MasterPlatypusV4 contract they audited from Nov. 21 to Dec. 5, 2021 did not contain the misordered lines of code. This implies that a new version of the contract was deployed after the audit was made.
The auditor claims that the contract implementation at Avalanche (AVAX) C-Chain address 0xc007f27b757a782c833c568f5851ae1dfe0e6ec7 is the one that was exploited. Lines 582-584 of this contract appear to call a function called “isSolvent” on the PlatypusTreasure contract, and lines 599-601 appear to set the user’s amount, factor, and rewardDebt to zero. However, these amounts are set to zero after the “isSolvent” function has already been called.
The Platypus team confirmed on Feb. 16 that the attacker exploited a “flaw in [the] USP solvency check mechanism,” but the team did not initially provide further detail. This new report from the auditor sheds further light on how the attacker may have been able to accomplish the exploit.
The Platypus team announced on Feb. 16 that the attack had occurred. It has attempted to contact the hacker and get the funds returned in exchange for a bug bounty. The attacker used flashed loans to perform the exploit, similar to the strategy used in the Defrost Finance exploit of Dec. 25.
The incident has highlighted the importance of security when it comes to crypto and web3 projects. NFTs, in particular, have become increasingly popular in the crypto space, and the need for proper security measures is more important than ever. As such, it is essential that projects take the necessary steps to ensure their code is properly audited and secure, and that they have a proper NFT marketing and promotion strategy in place to ensure their project is successful.
NFT marketing is an important part of any crypto project, and there are a number of ways to promote NFTs. Platforms such as Twitter are great for NFT promotion, as they allow projects to reach a large audience quickly and easily. Additionally, NFT marketing agencies can help projects create effective campaigns that will help them reach their target audience and increase their visibility.
The Platypus incident is a reminder that projects need to be aware of the risks associated with their code and take the necessary steps to ensure they are secure. Projects should also consider working with a web3 agency or NFT marketing agency to ensure their project is successful. By taking the necessary steps to ensure their code is secure and their project is properly promoted, projects can help ensure their success.
Disclaimer: All investment or financial opinions expressed by MoonLanding Media are not recommendations and are intended for entertainment purposes only. Do your own research prior to making any kind of investment. This article has been generated based on trending topics, has not been fact checked and may contain incorrect information. Please verify all information before relying on it.
