Feb 19, 2023
Auditor: Wrongly Ordered Code Led to $8M Platypus Flash Loan Attack
The recent $8 million Platypus flash loan attack was made possible due to a coding error, according to a post-mortem report from the project’s auditor, Omniscia. The company has stressed that the code in question was not present in the version they audited.
Omniscia released a statement on Twitter, saying: “In light of the recent @Platypusdefi incident the https://t.co/30PzcoIJnt team has prepared a technical post-mortem analysis describing how the exploit unravelled in great details. Be sure to follow @Omniscia_sec to receive more security updates!”
The report outlined that the Platypus MasterPlatypusV4 contract “contained a fatal misconception in its emergencyWithdraw mechanism,” which allowed the attack to take place. The code in question was written in the wrong order, meaning that the solvency check was performed before updating the LP tokens associated with the stake position.
Omniscia audited a version of the MasterPlatypusV1 contract from Nov. 21 to Dec. 5, 2021, which did not contain the misordered lines of code. The company believes that the developers must have deployed a new version of the contract at some point after the audit was made.
The Platypus team confirmed on Feb. 16 that the attacker had exploited a “flaw in [the] USP solvency check mechanism,” but the team did not initially provide further detail. This new report from the auditor sheds further light on how the attacker may have been able to accomplish the exploit.
The Platypus team announced on Feb. 16 that the attack had occurred. It has attempted to contact the hacker and get the funds returned in exchange for a bug bounty. The attacker used flashed loans to perform the exploit, which is similar to the strategy used in the Defrost Finance exploit on Dec. 25, 2022.
The incident has highlighted the importance of NFT marketing and the need for crypto projects to promote their NFTs in order to increase awareness and engagement. As a result, there has been an increase in the number of NFT marketing agencies and web3 agencies that specialize in selling NFTs.
Twitter has become an increasingly popular platform for NFT promotion, with many projects using the platform to advertise their NFTs. This provides an opportunity for NFT marketing agencies to reach a larger audience and increase the visibility of their clients’ projects.
Overall, the Platypus incident has highlighted the importance of code security and the need for projects to have their contracts audited regularly. It has also highlighted the importance of NFT marketing and the need for crypto projects to promote their NFTs in order to increase awareness and engagement.
Disclaimer: All investment or financial opinions expressed by MoonLanding Media are not recommendations and are intended for entertainment purposes only. Do your own research prior to making any kind of investment. This article has been generated based on trending topics, has not been fact checked and may contain incorrect information. Please verify all information before relying on it.
