Hacking Alert: Popsicle Finance ($ICE) Suffers $25 Million Exploit, Price Falls by 50%

Popsicle Finance ($ICE), a multichain yield optimization platform for liquidity providers has become the latest Defi protocol to face a major exploit on its network. The hackers managed to drain a whopping $25 million by exploiting a bug in the reward debt mechanism.
Source: Etherscan
Mudit Gupta, a known bug bounty hunter explained that the protocol doesn’t transfer reward debt when users send their share of tokens. The network updates `token0PerSharePaid` and `token1PerSharePaid` against depositors to keep track of the deposited tokens. This way the protocol payout users from the date they entered rather than from the first day. However, the bug here is that these variables are not updated as soon as the user deposits tokens into the system.
This way a user can claim rewards for the same share from multiple accounts as it is not registered on the network. This was what the explorers did with the Popsicle finance and managed to get away with $25 million worth of tokens.
Source: Twit

Czytaj więcej

Źródło: https://coingape.com/hacking-alert-popsicle-finance-ice-suffers-25-million-exploit-price-falls-by-50/

Dodaj komentarz

Podobne Wpisy