Feb 19, 2023
Auditor: Platypus Attack Made Possible by Misordered Code
Omniscia, the auditor of the now-infamous Platypus flash loan attack, has released a post-mortem report on the incident. The report claims that the code which enabled the attack was written in the wrong order, and that this code did not exist in the version of the contract that Omniscia audited.
The report explains that the MasterPlatypusV4 contract contained a fatal misconception in its emergencyWithdraw mechanism. The code for the emergencyWithdraw function had all of the necessary elements to prevent an attack, but these elements were written in the wrong order. According to the report, if the code had been written in the correct order, the attack would have been prevented.
Omniscia audited a version of the MasterPlatypusV1 contract from Nov. 21 to Dec. 5, 2021. However, this version did not contain the misordered lines of code, which implies that the developers must have deployed a new version of the contract at some point after the audit.
The report goes on to explain that the code that was exploited was located in the Avalanche C-Chain address 0xc007f27b757a782c833c568f5851ae1dfe0e6ec7. It appears that the code called a function called “isSolvent” on the PlatypusTreasure contract, but the user’s amount, factor and rewardDebt were set to zero after this function had already been called.
The Platypus team had previously confirmed that the attack was due to a “flaw in [the] USP solvency check mechanism,” but the team did not initially provide further detail. This new report from the auditor sheds further light on how the attacker may have been able to accomplish the exploit.
The Platypus team has attempted to contact the hacker and get the funds returned in exchange for a bug bounty. The attacker used flashed loans to perform the exploit, which is similar to the strategy used in the Defrost Finance exploit on Dec. 25, 2022.
The incident has highlighted the importance of NFT marketing and promotion, as well as the need for web3 agencies to provide thorough audits of smart contracts. It is essential for crypto projects to ensure their contracts are secure and properly audited, as the consequences of an exploit can be devastating.
Twitter NFT marketing is also becoming increasingly popular, as it provides an effective way for projects to promote their NFTs. NFT marketing agencies are also becoming more popular, as they are able to provide tailored strategies for selling NFTs.
By taking the necessary steps to ensure the security of their contracts and properly promoting their NFTs, projects can minimize the risk of an attack and maximize their chances of success.
Disclaimer: All investment or financial opinions expressed by MoonLanding Media are not recommendations and are intended for entertainment purposes only. Do your own research prior to making any kind of investment. This article has been generated based on trending topics, has not been fact checked and may contain incorrect information. Please verify all information before relying on it.
