Ethereum’s Euler Finance faces logical flaws leading to 197 million dollar loss


According to PeckShield’s analysis, Euler Finance was exploited in a series of transactions on Ethereum because of logical flaws in its donation and liquidation functions, resulting in a loss of about 197 million dollars. Specifically, DonateToReserves needs to ensure that donors still have excess collateral, and liquidation needs to ensure the “correct” conversion rate from loans to mortgaged assets. In addition, two hackers participated in the attack: 0x5F2…8B8c and 0xBcA…7c5C.

Euler Finance was attacked due to logical flaws in its donation and liquidation

Analysis based on this information:


PeckShield’s analysis has revealed that Euler Finance, an Ethereum-based platform, had logical flaws in donation and liquidation, leading to a loss of approximately 197 million dollars. The DonateToReserves feature did not ensure that donors still had excess collateral, while liquidation failed to ensure the “correct” conversion rate from loans to mortgaged assets. As a result, the platform was exposed to an attack carried out by two hackers.

The first logical flaw concerned DonateToReserves, a feature that allows users to deposit their collateral surplus in the reserves pool. The reserves pool helps to support the tokens’ liquidity and provides a buffer for the platform’s operational needs. However, PeckShield found that this feature did not prevent donors from withdrawing all of their collateral from the pool, even if doing so significantly dropped their collateral ratio. The hackers exploited this loophole by depositing a huge amount of tokens and subsequently withdrawing them, creating an imbalance in the reserves pool that led to the second vulnerability.
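The missing check described above, as an added example that is not Euler's contract code or PeckShield's: a simplified Python model of a lending account in which the donation path is shown without and with a collateral check after the donation. The account model, the 80% collateral factor and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

FACTOR_BPS = 8_000  # assumed collateral factor: 80%, in basis points


class Undercollateralized(Exception):
    """The operation would leave the donor without excess collateral."""


@dataclass
class Account:  # hypothetical model, integer units of value
    collateral: int
    debt: int

    def is_healthy(self) -> bool:
        # Risk-adjusted collateral must still cover the outstanding debt.
        return self.collateral * FACTOR_BPS >= self.debt * 10_000


@dataclass
class Pool:
    reserves: int = 0

    def _move(self, acct: Account, amount: int) -> None:
        if amount <= 0 or amount > acct.collateral:
            raise ValueError("invalid donation amount")
        acct.collateral -= amount
        self.reserves += amount

    def donate_unchecked(self, acct: Account, amount: int) -> None:
        # Flawed form: collateral moves to reserves, solvency is never re-checked.
        self._move(acct, amount)

    def donate_checked(self, acct: Account, amount: int) -> None:
        # Hardened form: apply the donation, then enforce the health invariant
        # and roll back if the donor no longer has excess collateral.
        self._move(acct, amount)
        if not acct.is_healthy():
            acct.collateral += amount
            self.reserves -= amount
            raise Undercollateralized("donation would leave debt under-backed")


def demo():
    """Return (healthy after unchecked donation, checked form rejected, collateral kept)."""
    a, b = Account(100, 70), Account(100, 70)  # constructed sample positions
    Pool().donate_unchecked(a, 50)
    try:
        Pool().donate_checked(b, 50)
        rejected = False
    except Undercollateralized:
        rejected = True
    return a.is_healthy(), rejected, b.collateral
```

The same invariant test belongs after every operation that can reduce an account's collateral or increase its debt, not only after borrow and withdraw.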

The second flaw was in the liquidation process, which the platform uses to ensure that mortgaged assets are worth more than the loans given out. This is accomplished by converting the mortgaged assets to a stablecoin to repay the loan. However, PeckShield discovered that Euler Finance allowed anyone to compute the conversion rate, which made it possible to manipulate. This vulnerability enabled the hackers to change the conversion rate systematically, resulting in an inappropriate liquidation of deposited mortgaged assets.

Together, the DonateToReserves and liquidation flaws resulted in a massive loss for the platform, estimated at about 197 million dollars. The report indicates that two hackers, with transaction addresses 0x5F2…8B8c and 0xBcA…7c5C, carried out the attack. The identities of the attackers remain unknown. Nevertheless, PeckShield’s report serves as a warning to other Ethereum-based platforms of the potential risks associated with logical flaws in donation and liquidation.

In conclusion, Euler Finance’s exposure to logical flaws presented an opportunity for attackers to exploit the platform’s vulnerabilities, consequently resulting in a huge financial loss. The incident highlights the importance of identifying and addressing logical loopholes in Ethereum-based platforms. It is imperative to ensure that systems are designed with robust security protocols and undergo regular security assessments to detect and mitigate potential threats.
