Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
WOOFi offers bounty after $8.75 million exploit on Arbitrum

WOOFi offers bounty after $8.75 million exploit on Arbitrum

The BlockThe Block2024/03/06 09:12
By:The Block

Quick Take: WOOFi reported an $8.75 million exploit on its swap service on Arbitrum. The team offered the unknown attacker a 10% white hat bounty in exchange for return.

Decentralized finance platform WOOFi reported an exploit targeting its swap offering on the Arbitrum network, resulting in a loss of about $8.75 million in cryptocurrencies.

At 10:49 am ET on Tuesday, an unknown attacker manipulated the platform’s Synthetic Proactive Market Making (sPMM) algorithm through a series of flash loans, taking advantage of the low liquidity to drastically affect the WOO token’s price.

The attacker borrowed around 7.7 million WOO tokens along with other assets and sold them on WOOFi, the team noted in a post-mortem report . This action caused the sPMM algorithm to incorrectly value the project's native token WOO at near-zero prices.

The exploiter then capitalized on this abnormal pricing to swap out 10 million WOO at minimal costs, repeating this process three times in a short span, netting themselves substantial illicit gains.

The anomaly was promptly detected by WOOFi’s transaction monitoring system and other security teams active in crypto, leading to the suspension of WOOFi Swap’s smart contracts by about 11 am ET to prevent further losses and initiate an investigation.

WOOFi’s sPMM algorithm simulates the dynamics of centralized exchanges to offer users optimal pricing. However, an unexpected error in the algorithm’s interaction with WOO’s liquidity conditions on Arbitrum enabled this exploit, according to the the team.

Other WOOFi products such as WOOFi Stake, Earn, and Pro, remain unaffected and operational.

A 10% whitehat bounty was offered

In response to the incident, WOOFi offered the attacker a 10% white hat bounty for the return of the stolen funds. The team stressed it will address the vulnerabilities before redeploying the WOOFi Swap contracts.

"We will work with top security firms to ensure these vulnerabilities are identified at an earlier stage. This is the first time an incident like this has happened to us, and we want to make sure it doesn't happen again," it noted.

The price of each WOO token across various exchanges dropped by 18% after the incident, falling from $0.59 to $0.49. It has now rebounded to above $0.54, according to The Block's price page .

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!