Type: #logicFlow #dex
Project: Elastic swap
Date: 13/12/22
Blockchain: ETH + AVAX
Problem: Misapplication of two accounting systems.
For the addLiquidity function, the contract uses a constant K value algorithm for internal accounting.
But for removeLiquidity, it uses token-balance-based accounting in which the balance of two tokens (`baseToken` and `quoteToken`) in the current pool is used to calculate the amount.
The Hacker:
1) Adds liquidity to the TIC-USDC pool.
2) Deposits $USDC.e directly into the TIC-USDC pool by transferring tokens.
3) Removes the liquidity, causing the contract’s internal USDC reserve to become unbalanced.
4) Swaps USDC for TIC tokens and takes profit.
Discoverer: N/A (the project was hacked)
Harm: $845k
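The accounting mismatch described above, reduced to a toy model. This is an added example, not Elastic Swap's contract code: the `Pool` class, its method names and all amounts are constructed, and decrementing the reserves by the paid-out amounts is a modelling assumption. It shows how a balance-based removal skews the internal reserves after a direct transfer, and the reserve-versus-balance drift check that flags the condition beforehand.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Toy two-token pool; every name and amount here is constructed."""
    base_reserve: int = 0    # internal accounting, used for pricing
    quote_reserve: int = 0
    base_balance: int = 0    # what the token contracts report for the pool
    quote_balance: int = 0
    total_shares: int = 0

    def add_liquidity(self, base: int, quote: int) -> int:
        shares = base if self.total_shares == 0 else (
            self.total_shares * base // self.base_reserve)
        self.base_reserve += base
        self.base_balance += base
        self.quote_reserve += quote
        self.quote_balance += quote
        self.total_shares += shares
        return shares

    def direct_transfer_quote(self, amount: int) -> None:
        # A plain token transfer moves the balance but never the reserve.
        self.quote_balance += amount

    def drift(self) -> tuple[int, int]:
        # Invariant to assert or monitor: (0, 0) while both systems agree.
        return (self.base_balance - self.base_reserve,
                self.quote_balance - self.quote_reserve)

    def remove_liquidity(self, shares: int, use_balances: bool) -> tuple[int, int]:
        # use_balances=True is the mismatched path; False pays from reserves.
        base, quote = ((self.base_balance, self.quote_balance) if use_balances
                       else (self.base_reserve, self.quote_reserve))
        out_base = base * shares // self.total_shares
        out_quote = quote * shares // self.total_shares
        self.base_reserve -= out_base
        self.base_balance -= out_base
        self.quote_reserve -= out_quote
        self.quote_balance -= out_quote
        self.total_shares -= shares
        return out_base, out_quote

def scenario(use_balances: bool) -> tuple[Pool, tuple[int, int]]:
    pool = Pool()
    pool.add_liquidity(1000, 1000)            # existing provider
    shares = pool.add_liquidity(1000, 1000)   # provider who later exits
    pool.direct_transfer_quote(1000)          # bypasses add_liquidity
    drift_before_exit = pool.drift()          # (0, 1000): already detectable
    pool.remove_liquidity(shares, use_balances)
    return pool, drift_before_exit
```

With `use_balances=True` the reserves left behind are 1000 base to 500 quote, so the internally computed price is off by a factor of two; paying out from the reserves instead leaves them at 1000 to 1000.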