Even at the end of 2021, it’s not uncommon for DeFi protocols to come under some form of attack. For Indexed Finance, this attack happened recently and involved the theft of $ 16 million from two indices. Although the smart contract has been patched, it is still a stern warning for those who blindly entrust money to code on a blockchain.
A summary of the feat of index finance
- Indexed Finance suffered its first attack since its launch in December 2020.
- The attack saw $ 16 million in funds stolen from the DEFI5 and CC10 indices.
- Thanks to a pool rebalance exploit, the attacker was able to perform several smaller attacks against both clues.
- The problems started when the DEFI5 was ready for reindexing, which takes place once a week. The UNI value approached the pool value for SUSHI.
- Thanks to a feat, the attacker took $ 156 million in flash swaps for the initialized assets of DEFI5 to buy UNI from the Indexed Finance pool in pieces.
- By forcing an update of the minimum balance on the controller and a low UNI balance in the pool, the approximate value of the pool was calculated to a very low amount.
- The attacker crafted new DEFI5 in pieces via these purchased UNI assets, significantly inflating the pool’s supply.
- Additionally, the borrowed SUSHI was used to hit even more DEFI5, after which the DEFI5 was burned for all underlying assets, a process that was repeated several times.
- A similar exploit affected Index Finance’s CC10, although someone has already done the reindexing part.
- The developers have identified the problem in the smart contract and will modify it accordingly.
- The affected users have not yet been compensated as no decision has been taken to address this aspect.
Looking to advertise? We will be happy to help you publicize your project, business or service. CryptoMode produces high quality content for cryptocurrency companies. To date, we have provided branded exposure to dozens of companies, and you can be one of them. All of our customers appreciate our value for money. Contact us if you have any questions: [emailÂ protected]