Discover and read the best of Twitter Threads about #GrimExploit

Most recents (1)

Grim Finance(grim.finance) got hacked 2 hours ago
Estimated loss: $40mln

One of the attacking transactions: ftmscan.com/tx/0x19315e5b1…

Attack Analysis:
#FTM #ETH #BSC #GrimFinance #GrimExploit

1/4
1) Grab a Flashloan for XXX & YYY tokens (WBTC-FTM e.g.)
2) Add liquidity on SpiritSwap
3) Mint SPIRIT-LPs
4) call depositFor() in GrimBoostVault with token==ATTACKER, user==ATTACKER
5)Leverage token.safeTransferFrom for re-entrancy
6) goto (4)

2/4
7) In the last step on re-entrancy call depositFor() with token==SPIRIT-LP, user==ATTACKER
8) Amount of minted GB-XXX-YYY tokens is increased in every level of re-entrancy
9) Attacker ends up holding huge amount of GB-XXX-YYY tokens

3/4
Read 4 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!