Feb 19, 2023

Auditor Uncovers Platypus Flash Loan Attack Code Error

The recent $8 million Platypus flash loan attack has been attributed to code being written in the wrong order, according to a post-mortem report from the company’s auditor Omniscia. The auditing firm claims that the code was not present in the version they evaluated.

In a tweet, the Omniscia team posted a technical post-mortem analysis that provides a detailed description of how the exploit occurred. The report states that the Platypus MasterPlatypusV4 contract contained a “fatal misconception in its emergencyWithdraw mechanism.” The code for the emergencyWithdraw function had all the necessary elements to prevent an attack, but they were written in the wrong order.

The audit was conducted on a version of the MasterPlatypusV1 contract from Nov. 21 to Dec. 5, 2021. This version “contained no integration points with an external platypusTreasure system” and therefore did not contain the misordered lines of code. This implies that the developers must have deployed a new version of the contract after the audit.

The Platypus team confirmed on Feb. 16 that the attacker exploited a “flaw in [the] USP solvency check mechanism.” The report from the auditor sheds further light on how the attacker may have been able to accomplish the exploit. The attacker used flash loans to execute the exploit, which is similar to the strategy used in the Defrost Finance exploit on Dec. 25, 2022.
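To illustrate why statement order matters for a solvency check in a withdrawal path, the following is an added example and not code from Platypus or Omniscia. It is a simplified Python model: the `Pool` class, its method names, the 50% borrow limit and the sample amounts are all assumptions made for illustration.

```python
class Insolvent(Exception):
    """Raised when an operation would leave debt above the borrow limit."""

class Pool:
    LIMIT_PCT = 50  # assumed: debt may not exceed 50% of staked collateral

    def __init__(self):
        self.staked = {}  # user -> collateral held by the pool
        self.debt = {}    # user -> amount borrowed against that collateral

    def is_solvent(self, user):
        return self.debt.get(user, 0) * 100 <= self.staked.get(user, 0) * self.LIMIT_PCT

    def deposit(self, user, amount):
        self.staked[user] = self.staked.get(user, 0) + amount

    def borrow(self, user, amount):
        self.debt[user] = self.debt.get(user, 0) + amount
        if not self.is_solvent(user):
            self.debt[user] -= amount
            raise Insolvent("borrow exceeds limit")

    def emergency_withdraw_misordered(self, user):
        # The check sees the collateral that is about to leave, so it passes
        # for any healthy position and says nothing about the resulting state.
        if not self.is_solvent(user):
            raise Insolvent("position insolvent")
        amount, self.staked[user] = self.staked.get(user, 0), 0
        return amount

    def emergency_withdraw_reordered(self, user):
        # Same elements, other order: zero the balance, then check the state
        # that will actually exist afterwards; restore the balance on failure.
        amount, self.staked[user] = self.staked.get(user, 0), 0
        if not self.is_solvent(user):
            self.staked[user] = amount
            raise Insolvent("withdrawal would leave debt unbacked")
        return amount

def check_withdraw(method_name, stake=1000, loan=400):
    """Regression check (constructed values): returns (withdrawn, still_solvent)."""
    pool = Pool()
    pool.deposit("alice", stake)
    if loan:
        pool.borrow("alice", loan)
    try:
        withdrawn = getattr(pool, method_name)("alice")
    except Insolvent:
        withdrawn = 0
    return withdrawn, pool.is_solvent("alice")
```

A test of this shape, asserting that the position is still solvent after every state-changing call, is the kind of invariant check that flags a misordered validation before deployment.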

The Platypus team announced on Feb. 16 that the attack had occurred and has since attempted to contact the hacker and get the funds returned in exchange for a bug bounty.

The incident has raised a number of questions about the importance of NFT marketing and promotion, as well as the need for web3 agencies and NFT marketing agencies to ensure the security of contracts. It is also a reminder of the need for proper auditing and security protocols when deploying smart contracts. As the crypto space continues to grow and evolve, it is essential that companies and developers remain vigilant in order to protect their users and their investments.
