This is the most complex exploit I've ever seen. It used 2 FLASHLOANS, one with @AaveAave (80k ETH) and one using flashswap with @UniswapProtocol (116M DAI).

In the image the steps! Image
TL;DR the manipulation occurred at steps 5 and 6.

Withdrawal at step 7 is using the wrong Curve function to do the math

More from @emilianobonassi

22 Dec
Exploring @iearnfinance vault v2 strategies for one of my beloved projects @synthetix_io ⚔️😍⚒️

What about a simple 50% sBTC 50% iBTC strategy? 0% exposure on BTC and APY 101% as rewards in SNX

gov.yearn.finance/t/yvsnx-v2-vau…
1. Stake SNX
2. Mint sUSD
3. Exchange for sBTC iBTC
4. Claim
5. Repeat
4 weeks! Image
17 Dec
Taking a look...

ethtx.info/mainnet/0x8bb8…

This is the second attack which uses multiple flash liquidity,
flash swaps via Uniswap and flash loans via dYdX

We will see very complex things via @AaveAave V2 batch flash loans :)
Quite interesting the attacker asked 3 loans via flash swaps to 3 different pools on Uniswap

WETH-WBTC 90k
WETH-USDC 82k
WETH-USDT 96k

It's definitely a batch flash loan via flash swaps!

And this is just the beginning...
And two other loans from dYdX

76k ETH and 2.9m DAI

continuing...
21 Nov
Evil jars deployed during the attack and passed in the swapExactJarForJar, investigating more on this

etherscan.io/address/0x75aa…

etherscan.io/address/0x02c8…

There are sensitive ops executed in that method (e.g. approve, withdraw etc).
In addition, in the second invocation of swapExactJarForJar a target was passed, doing a delegate call to CurveProxyPool 😢

Really complex, and it is not using FlashLoans at all!

etherscan.io/address/0x6186…
7 Aug
I'm proud to release Gas Saver Gnosis Safe Module

github.com/emilianobonass…

a user smart-contract module for @gnosisSafe wallets which lets you interact with

*ANY* protocol

and save tons of gas leveraging @1inchExchange $CHI and $GST2

Below how to use it and examples 👇
1/ Follow the instruction in the Readme and deploy your version (proxy) of the module. Then add it!

As you see in these txs, you can save up to 50% when interacting with @compoundfinance and @AaveAave

ANY protocol is supported immediately! Use in your @AragonProject DAO!
2/ With this release, I'm proud also to announce the version v1.2.1 of Gas Saver, a library for builders to enable saving in their smart-contracts!

Added support for traditional GST2 tokens!

This module is based on this work 😉
