Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
WOOFi Reports $8.75 Million Loss, Offers 10% Bounty for Return

WOOFi Reports $8.75 Million Loss, Offers 10% Bounty for Return

CryptopotatoCryptopotato2024/03/06 22:46
By:Chayanika DekaMore posts by this author

WOOFi Swap is expected to be fully functional again within the next two weeks.

WOOFi, a decentralized finance platform, experienced an exploit on March 5th that targeted its swap feature on the Arbitrum network. The event resulted in a loss of approximately $8.75 million in crypto assets.

The platform said it has initiated efforts to recover these funds and has offered a 10% whitehat bounty to the exploiter. Additionally, a bounty has been placed on Arkham Intelligence for anyone providing additional information.

WOOFi’s Exploit

According to the post-mortem report , the sPMM algorithm governing pricing on WOOFi Swaps was exploited on Arbitrum. The attack involved a series of flash loans leveraging low liquidity to manipulate the price of WOO, allowing the exploiter to repay the loans at a reduced cost.

The exploiter borrowed around 7.7 million WOO and other assets, selling the tokens on WOOFi. This action caused WOOFi’s sPMM to inaccurately adjust WOO to an extremely low price, enabling the exploiter to swap out 10 million WOO in the same transaction nearly cost-free.

The exploiter repeated this attack three times within a brief period, resulting in profits of approximately $8.75 million after repaying the flash loans.

WOOFi revealed that the sPMM in its second version is designed to supersede oracle prices by considering users’ trade notional values to regulate slippage and uphold pool equilibrium.

However, a glitch led to an extensive deviation from the expected range ($0.00000009), and the fallback check, typically executed against Chainlink, did not include the WOO token price.

Conservative Listing Strategy Pays Off

WOOFi also said that its sPMM had been incident-free since its introduction back in 2021, primarily because of the “conservative approach” to listing new assets. The platform’s stringent listing process made initiating an exploit with major assets like ETH nearly impossible.

However, it blamed the recent introduction of a lending market for WOO on Arbitrum, coupled with relatively limited liquidity support for WOO tokens elsewhere on the network, which rendered the exploit economically viable.

While WOOFi Swap is operational across more than ten networks, none other than Arbitrum featured both the WOO token and a WOO lending market, effectively thwarting the replication of the same exploit on alternate networks.

Meanwhile, a recent report by CertiK said the crypto sector suffered losses of around $160 million in February due to exploits, hacks, and scams. These numbers reflected a minor decrease compared to January despite an uptick in prices. Among these losses, flash loans accounted for only $138,000.

You Might Also Like:

  • $39 Million Drained in DeFi by Malicious Actors in January 2024: Quantstamp
  • DeFi Protocol Gamma Strategies Discloses Vulnerability After Preliminary Investigation
  • North Korea's Crypto Onslaught Continues: More Platforms Targeted, Less Loot in 2023
0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!