Feb 19, 2023

Auditor Reveals Fatal Flaw Behind $8M Platypus Flash Loan Attack

The $8 million flash loan attack on Platypus was made possible by misordered code, according to a post-mortem report from Platypus auditor Omniscia. The auditing agency noted that the faulty code was not present in the version they had audited.

The report, released on Twitter, highlighted that the Platypus MasterPlatypusV4 contract “contained a fatal misconception in its emergencyWithdraw mechanism,” which caused it to perform its solvency check prior to updating the LP tokens associated with the stake position. The code for emergencyWithdraw had all the necessary elements to prevent an attack, but it was written in the wrong order.

The audit was conducted on a version of the MasterPlatypusV1 contract from November 21 to December 5, 2021. This version did not have any integration points with an external platypusTreasure system and thus did not have the misordered code.

The Platypus team confirmed on February 16 that the attacker had exploited a “flaw in [the] USP solvency check mechanism,” but did not provide any further details. Omniscia’s report revealed that the contract implementation at Avalanche C-Chain address 0xc007f27b757a782c833c568f5851ae1dfe0e6ec7 was the one that was exploited. Lines 582–584 of this contract called the “isSolvent” function on the PlatypusTreasure contract, while lines 599–601 set the user’s amount, factor, and rewardDebt to zero only after “isSolvent” had already been called.
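The ordering problem described above can be shown with a small Python model. This is an added example, not code from the article, from Omniscia's report, or from the Platypus contracts. The class names, the user "alice", and the rule that debt must be covered by the staked amount are assumptions made for illustration.

```python
# Simplified model of a check-before-update bug (constructed; not Platypus code).
class Insolvent(Exception):
    pass

class Treasury:
    """Hypothetical stand-in for the external treasury: tracks debt per user."""
    def __init__(self, staking):
        self.staking = staking
        self.debt = {}

    def is_solvent(self, user):
        # Assumed rule: debt must be covered by the LP amount still staked.
        return self.debt.get(user, 0) <= self.staking.amount.get(user, 0)

class Staking:
    def __init__(self):
        self.amount = {}  # user -> staked LP tokens
        self.treasury = Treasury(self)

    def emergency_withdraw_misordered(self, user):
        # The check runs while the stake is still recorded, so it passes.
        if not self.treasury.is_solvent(user):
            raise Insolvent(user)
        paid, self.amount[user] = self.amount.get(user, 0), 0
        return paid

    def emergency_withdraw_fixed(self, user):
        # Update the position first, then check the resulting state.
        paid, self.amount[user] = self.amount.get(user, 0), 0
        if not self.treasury.is_solvent(user):
            self.amount[user] = paid  # emulate the rollback of an EVM revert
            raise Insolvent(user)
        return paid

def run(withdraw_name, stake=100, debt=80):
    """Return (tokens paid out or None, remaining stake, solvent afterwards)."""
    s = Staking()
    s.amount["alice"] = stake
    s.treasury.debt["alice"] = debt
    try:
        paid = getattr(s, withdraw_name)("alice")
    except Insolvent:
        paid = None
    return paid, s.amount["alice"], s.treasury.is_solvent("alice")
```

With the misordered version the withdrawal succeeds and the position ends up insolvent; with the update placed before the check, the same call is rejected and the stake stays in place.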

The Platypus team announced the attack on February 16. They have attempted to contact the hacker and have the funds returned in exchange for a bug bounty. The attacker used flash loans to perform the exploit, which is similar to the strategy used in the Defrost Finance exploit on December 25, 2022.

The incident has raised questions about the security of NFTs and other crypto assets. As such, many companies are now turning to web3 agencies and NFT marketing agencies to help promote, market, and sell their NFTs. These agencies specialize in Twitter NFT marketing and other forms of NFT promotion, helping to ensure the secure sale of NFTs.

Disclaimer: All investment or financial opinions expressed by MoonLanding Media are not recommendations and are intended for entertainment purposes only. Do your own research prior to making any kind of investment. This article has been generated based on trending topics, has not been fact checked and may contain incorrect information. Please verify all information before relying on it.