Feb 18, 2023
$8M Platypus Flash Loan Attack Due to Misordered Code

Omniscia, the firm that audited Platypus, has released a post-mortem report on the flash loan attack that resulted in the loss of $8 million. The report claims that the attack was made possible by code that was written in the wrong order.
The report states that the Platypus MasterPlatypusV4 contract “contained a fatal misconception in its emergencyWithdraw mechanism” which made it perform “its solvency check before updating the LP tokens associated with the stake position.”
Omniscia audited a version of the MasterPlatypusV4 contract from Nov. 21 to Dec. 5, 2021. However, this version “contained no integration points with an external platypusTreasure system” and therefore did not contain the misordered lines of code.
The auditor claims that the contract implementation at Avalanche (AVAX) C-Chain address 0xc007f27b757a782c833c568f5851ae1dfe0e6ec7 is the one that was exploited. Lines 582-584 of this contract appear to call a function called “isSolvent” on the PlatypusTreasure contract, and lines 599-601 appear to set the user’s amount, factor, and rewardDebt to zero. However, these amounts are set to zero after the “isSolvent” function has already been called.
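The ordering problem described above, modelled as an added Python example (not the Platypus contract code or Omniscia's); the class names, the 50% borrow limit and the balances are constructed assumptions. It compares a withdrawal that checks solvency before zeroing the stake with one that zeroes the stake first and rolls back if the check fails.

```python
# Simplified model, not the Platypus contracts: names, the 50% borrow limit
# and all balances are constructed for illustration.
from dataclasses import dataclass, field

class Revert(Exception):
    """Models an EVM revert: the caller must see no state change."""

@dataclass
class Treasury:  # stands in for the external contract exposing isSolvent
    debt: dict = field(default_factory=dict)
    borrow_limit_pct: int = 50  # assumed ratio, not taken from the report

    def is_solvent(self, staking, user):
        limit = staking.staked.get(user, 0) * self.borrow_limit_pct // 100
        return self.debt.get(user, 0) <= limit

@dataclass
class Staking:
    treasury: Treasury
    staked: dict = field(default_factory=dict)

    def emergency_withdraw_misordered(self, user):
        # The check runs while the stake still counts as collateral, so a
        # borrower passes; only afterwards is the position zeroed.
        if not self.treasury.is_solvent(self, user):
            raise Revert("insolvent")
        amount = self.staked.get(user, 0)
        self.staked[user] = 0
        return amount

    def emergency_withdraw_fixed(self, user):
        # Effects first: zero the position, then ask whether the user is
        # solvent in the state the withdrawal would leave behind.
        amount = self.staked.get(user, 0)
        self.staked[user] = 0
        if not self.treasury.is_solvent(self, user):
            self.staked[user] = amount  # roll back, as a revert would
            raise Revert("withdrawal would leave debt uncollateralized")
        return amount

def scenario(withdraw_name, stake=1000, debt=400):
    """One withdrawal for a constructed user: (paid_out, left_staked, debt)."""
    treasury = Treasury(debt={"alice": debt})
    staking = Staking(treasury, staked={"alice": stake})
    try:
        paid = getattr(staking, withdraw_name)("alice")
    except Revert:
        paid = None  # withdrawal rejected
    return paid, staking.staked["alice"], treasury.debt["alice"]
```

In the misordered variant the user leaves with the full stake while the debt remains on the books; in the reordered variant the same call is rejected and the stake stays in place.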
The Platypus team confirmed on Feb. 16 that the attacker exploited a “flaw in [the] USP solvency check mechanism,” but the team did not initially provide further detail. This new report from the auditor sheds further light on how the attacker may have been able to accomplish the exploit.
The Platypus team has attempted to contact the hacker and offer a bug bounty in exchange for the funds. The attacker used flash loans to perform the exploit, which is similar to the strategy used in the Defrost Finance exploit of Dec. 25.
The incident has highlighted the importance of code audits and the need for developers to ensure that the code they write is secure. It has also highlighted the potential of flash loans and the power of NFT promotion and marketing.
The use of flash loans for NFT marketing can be a powerful tool for both buyers and sellers. By using flash loans, buyers can purchase NFTs quickly and efficiently, while sellers can use them to promote their NFTs and reach a larger audience.
However, it is important to remember that flash loans can be used for malicious purposes. Developers must ensure that their code is secure and that they are aware of the risks associated with flash loans.
The incident has also highlighted the importance of working with a web3 agency or NFT marketing agency that can help promote and market NFTs on platforms such as Twitter. These agencies can help ensure that NFTs are marketed and promoted in a safe and secure manner.
In conclusion, the Platypus flash loan attack has highlighted the importance of code audits and the need for developers to ensure that their code is secure. It has also highlighted the potential of flash loans and the power of NFT promotion and marketing. By working with a web3 agency or NFT marketing agency, developers can ensure that their NFTs are promoted and marketed in a safe and secure manner.
Disclaimer: All investment or financial opinions expressed by MoonLanding Media are not recommendations and are intended for entertainment purposes only. Do your own research prior to making any kind of investment. This article has been generated based on trending topics, has not been fact checked and may contain incorrect information. Please verify all information before relying on it.