Omniscia, the auditing partner of Euler Finance, released a post-mortem report stating that the vulnerability exploited by the attackers originated from the decentralized finance lending protocol's incorrect donation mechanism, which did not take into account the health of the donor's debt.
The vulnerable code was introduced in eIP-14, which made several changes to the Euler ecosystem. It allowed the attacker to create an over-leveraged position and liquidate it themselves in the same block by artificially pushing it "underwater", the company said in a statement.
- The functionality at the center of the vulnerability was not audited by Omniscia.
- An external auditor was commissioned to examine the vulnerable code, which was subsequently approved.
- However, the vulnerability was not discovered as part of this audit and remained on-chain for eight months until it was exploited on March 13, despite a $1 million bug bounty being in place.
- The faulty EToken module has been disabled to block deposits and the vulnerable donation function.
- Following the attack, the DeFi protocol said it is working with various security groups to conduct audits and has also called in law enforcement to recover the funds.
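
The missing invariant described above can be shown in a toy model. This is an added example, not Euler's contract code: `Account`, `ToyMarket`, `donate_unchecked`, `donate_checked` and the 1:1 health rule are all assumptions made for illustration.

```python
from dataclasses import dataclass


class HealthCheckFailed(Exception):
    """Raised where an on-chain call would revert."""


@dataclass
class Account:
    collateral: int  # deposit-side balance (toy stand-in for eToken value)
    debt: int        # outstanding borrow (toy stand-in for debt-token value)

    def is_healthy(self) -> bool:
        # Assumed toy rule: collateral must cover debt 1:1.
        return self.collateral >= self.debt


class ToyMarket:
    def __init__(self) -> None:
        self.reserves = 0

    def donate_unchecked(self, acct: Account, amount: int) -> None:
        """Flawed pattern: collateral leaves the account, debt is ignored."""
        if not 0 < amount <= acct.collateral:
            raise ValueError("invalid donation amount")
        acct.collateral -= amount
        self.reserves += amount

    def donate_checked(self, acct: Account, amount: int) -> None:
        """Hardened pattern: reject a donation that leaves the donor unhealthy."""
        if not 0 < amount <= acct.collateral:
            raise ValueError("invalid donation amount")
        after = Account(acct.collateral - amount, acct.debt)
        if not after.is_healthy():
            raise HealthCheckFailed("donation would push account underwater")
        acct.collateral = after.collateral
        self.reserves += amount


def run_example():
    # Constructed sample position: 120 collateral against 100 debt.
    flawed, hardened = Account(120, 100), Account(120, 100)
    market = ToyMarket()
    market.donate_unchecked(flawed, 50)      # succeeds, account now insolvent
    try:
        market.donate_checked(hardened, 50)  # same request is rejected
        rejected = False
    except HealthCheckFailed:
        rejected = True
    return flawed.is_healthy(), hardened.is_healthy(), rejected, market.reserves
```

Any operation that reduces an account's collateral needs the same post-state health check that withdrawals and transfers get; the flawed path skips it only for donations.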
“We are devastated by the effect of this attack on users of the Euler Protocol and will continue to work with our security partners, law enforcement and the wider community to resolve this issue to the best of our ability. Thank you much for your support and encouragement.”