The impact of the swap is that due to the impermanent losses of other assets, the value of USDC in the Y pool increased, and it obtained 17,216703.208672 USDC at this time, the attacker added the principal of the previous lightning loan, and the attack held about 67.21 million USDC and 108.65. This contract converts 17222012.640506 USDT into USDC through a swap agreement in the Curve agreement Y pool.The attacker took advantage of this blank time to complete the arbitrage transaction flash loan arbitrage is also a common one at present the way.) (Note: Flash loans require borrowing and repayment to be completed in “one transaction”, otherwise the loan funds will be withdrawn. Lend a huge amount of USDT (18,308,555.417594) and USDC (50 million) through Uniswap V2 Lightning Loan, and inject them into the attack contract.Transferring 20 ETH through the Ethereum anonymous transfer platform Tornado.cash as a subsequent attack fee, the attacker’s wallet address is 0xf224ab004461540778a914ea397c589b677e27b, and an attack contract 0xc6028a9fa486f52efd2b95b949ac630d287ce0af is deployed.The Harvest Finance announcement introduced the complete attack chain: Of course, in order to enable transactions on the chain to be carried out in a very short period of time, each transaction is given a sufficient fee. In the Y pool, the above process is reversed, and a large amount of USDC is converted into USDT, resulting in a decrease in the price of USDC at this time, the price of USDC in the Harvest pool also decreases fUSDC can be used to exchange more USDC than the original to complete arbitrage.Converting a large amount of USDT to USDC in the Y pool resulted in an increase in the price of USDC since the USDC price in the Harvest pool refers to the Y pool, it also increased at this time, USDC is used to exchange more fUSDC in the Harvest pool.The attacker borrowed a large amount of USDT and USDC through flash loans.To put it simply, there are three steps, namely “borrowing-forward operating price-reverse operating price”: Let me explain the logic of this attack for everyone. How does the attacker achieve the attack and complete arbitrage? Before the attack, Harvest Finance mainly provided liquidity in the Curve protocol y pool. Harvest Finance is a DeFi income aggregator whose main function is to provide liquidity to other DeFi pools to earn income for its liquidity providers. The price of its governance token CRV has continued to rise in the past 24 hours, once rising to 0.44 USDT, with a maximum increase of nearly 30%. However, the Curve agreement has not been affected. As of today’s press release, the price of FARM has rebounded to around US$110 the amount of Harvest’s agreement lock-up has also increased from US$1.11 billion. Many participants reported that they lost 15% to 20% of their funds.Īffected by this, the price of Harvest Finance’s governance token, FARM, plummeted from US$237 to US$78, with a maximum drop of nearly 70%. The attackers then converted the funds into renBTC and cashed out, and Harvest also lost millions of dollars as a result. dollars in proportion to the snapshot Assigned to affected depositors in the future, Harvest Finance will implement a “submit-disclose” mechanism for deposits to reduce lightning loan attacks, use oracles to determine asset prices, and increase deposit arb configuration (the current threshold is set to 3%).Īt 10 o’clock yesterday morning, Twitter users broke the news that the attacker relied on the cost (handling fee) of 20 ETH to gain impermanence through arbitrage in the Curve protocol y pool through lightning loans, and the Curve.fi Y pool is where Harvest Vault invests. dollars), accounting for about 3.2% of the total value of locked positions in the agreement before the attack the attacker returned more than 2.47 million U.S. dollars (previously reported that it was 4 million U.S. This morning, Harvest Finance, the DeFi aggregation agreement, issued a statement on yesterday’s lightning loan attack.Īccording to the announcement, the total loss of the attack was 33.8 million U.S.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |