If you are confused how the hacker managed to drain contract, here’s the exact mechanics of what happened:
EMN contract allows you to buy (mint) EMN with DAI (and sell/burn). It uses quite standard Bancor’s bonding curve - DAI is used as a reserve currency for the EMN token. Price of EMN token is determined by the amount of EMN vs amount of DAI in the reserve
The second token, eAAVE is similar with the small but important caveat - it’s using EMN as a reserve currency, but “virtually” - if you buy/mint eAAVE by sending to it EMN tokens, instead of storing your EMN in the reserve, eAAVE contract will actually burn EMN.
If you sell/burn eAAVE ENS tokens will be minted. This interplay allowed the attacker to run the following trades (all atomically in one transaction):
1. Flashloan 15,00,000 DAI from Uniswap
2. Buy as much EMN as you can with your DAI (ignore the amount)
3. Spend half of your EMNs to buy eAAVE. This will burn the EMNs decreasing the total supply which will pump up the price of EMN
2. Buy as much EMN as you can with your DAI (ignore the amount)
3. Spend half of your EMNs to buy eAAVE. This will burn the EMNs decreasing the total supply which will pump up the price of EMN
4. Sell your second half of the now-pumped EMNs for 10,024,579 DAI (note that this is much more than 7,500,000 DAI)
5. Now sell your eAAVE to reclaim back your first half of EMNs. The EMNs are minted and this will decrease the price of EMN
6. Sell back your EMNs for 6,649,057 DAI
5. Now sell your eAAVE to reclaim back your first half of EMNs. The EMNs are minted and this will decrease the price of EMN
6. Sell back your EMNs for 6,649,057 DAI
7. Return 15,000,000 flash loan, enjoy 1,673,636 DAI profit
This has been repeated three times in three separate transactions (so 9 cycles altogether) like the one here: ethtx.info/0x350325313164…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
