Inverse Finance Exploited – $1.2M Stolen From The Protocol
The open-source Ethereum-based DeFi protocol Inverse Finance, has been subject to yet another exploit; this time, losing close to $5 million.
The incident occured on June 16th when the platform lost $5.83m worth of DOLA – which is the protocol’s native currency. The hackers were able to steal as much as $1.26m through a flash loan attack, by manipulating the price of oracle.
Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at risk. We are investigating and will provide more details soon.
— Inverse+ (@InverseFinance) June 16, 2022
And we say “ yet another ”, because this isn’t the first time the platform has been compromised. In the month of april, the platform was subject to a similar exploit, where the attackers manipulated the keep3r oracle to change the token prices.
So What Went Wrong?
The attack was initiated when hackers took a flash-loan of 1 ETH from the Tornado protocol. This was used to artificially pump the prices for the INV token for the price keeper oracle.
The oracle relied on chainlink price data instead of the exchange’s data, which allowed easy manipulation to happen, this allowed the hackers to borrow a much greater sum than was stored as collateral.
Luckily enough, no user funds have been affected. Although the platform now owes a debt of around $5.8m, in addition to the $3.6m debt it incurred last time. The entire transaction sequence can be traced at etherscan
Don’t want us to cover you like this? Get your Dapps secured and tested at Novvr today.
An audit is a security-focused code review with the aim to identify issues in the code. Our process primarily includes 5 steps to conclude an audit and our smart contract audit prevents Rug & Pulls scam
- Read specs/docs
- Run Tests
- Automated Analysis
- Manual Review
- Prepare Report
Here are a few points that you must follow to get your smart contract ready for an audit.
- Add Comments in your code
- Document your functions
- Tests (must), if your tests don’t pass, don’t go for an audit
- Transparent Communication
- Ready to share your time with Auditors
If any of the above points is missing that means your code is not ready for an audit.
Know More about the process.