What's weird now is that Pickle's website currently is not working.
Those that are trying to access the Jars and Farms tab are just stuck with a loading screen.
Also, Discord channel seems to have no public channels. Was it like this before?
Some people are arguing that this isn't an exploit or not an attack - might be some unannounced strategy change they say.
The thing is, the person who did this tx got 10 ETH from Tornado + now owns nearly $20m in DAI in an EOA.
The interesting thing here to note is that the contract that executed this complex tx was not self-destructed as we've seen with previous attacks on DeFi protocols.
Upon closer inspection, there doesn't seem to have been a flash loan involved.
I'm hearing the attacker deployed fake Pickle Jars (strategies) that managed to drain the original Jar.
We're about to see @CoverProtocol in action for the first time.
Since its launch two days ago, users have provided 432,251 DAI in cover through the protocol.
Yeah, appears to be the swapExactJarForJar function that broke it.
Basically, a Jar is like a Yearn Strategy.
The attacker made a malicious Jar, then swapped the funds from the recently-deployed DAI strategy to his own.
COVER FOR PICKLE*. I need to slow down a bit.
More on Cover Protocol's first claim.
Thus far, 100% of the COVER that has voted (573) says this is a valid claim.
Two hours ago, a suspicious transaction was seen involving Pickle's new pDAI jar.
$20m worth of DAI was withdrawn to an EOA, which funded the attack with 10 ETH from Tornado (mixer).
No flash loan was involved as first believed.
At this moment, the attack vector seems to be related to a function in the Pickle controller (v4), which can swap coins from one strategy to another.
Rumor has it that there was no check on the Jar Swap function. Pickle was audited but seemingly before this function was added.
Affected users are already contacting the attacker.
The first image here shows someone, a purported "nurse," asking for $100,000 back from the attacker. The use of the nurse bit was popularized last week with the Value attack, where the attacker returned $50k to a "nurse."
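
The missing check on the jar swap function described in this thread, as an added toy model in Python (not Pickle's contract code and not from the thread's author): a controller that moves funds between whatever jars the caller names, beside a version that only accepts registered jars, plus a log audit that flags swaps touching unregistered jars. All class names, function names and balances are constructed for illustration.

```python
# Toy model of an unvalidated jar-to-jar swap. Hypothetical names throughout.

class Jar:
    def __init__(self, name, balance=0):
        self.name, self.balance = name, balance

class Controller:
    def __init__(self, approved_jars):
        self.approved = set(approved_jars)   # registry of legitimate jars
        self.log = []                        # (src, dst, amount) per swap

    def _move(self, src, dst, amount):
        if amount <= 0 or amount > src.balance:
            raise ValueError("invalid amount")
        src.balance -= amount
        dst.balance += amount
        self.log.append((src, dst, amount))

    def swap_unchecked(self, src, dst, amount):
        # Weak form: trusts any jar object the caller supplies.
        self._move(src, dst, amount)

    def swap_checked(self, src, dst, amount):
        # Hardened form: both ends must be in the registry before funds move.
        for jar in (src, dst):
            if jar not in self.approved:
                raise PermissionError(f"jar {jar.name!r} is not approved")
        self._move(src, dst, amount)

    def audit(self):
        # Detection: names of logged swaps with an unregistered endpoint.
        return [(s.name, d.name, a) for s, d, a in self.log
                if s not in self.approved or d not in self.approved]

def demo():
    dai = Jar("pDAI", 20_000_000)            # constructed balance
    usdc, rogue = Jar("pUSDC"), Jar("unregistered")
    ctl = Controller([dai, usdc])
    ctl.swap_unchecked(dai, rogue, 1_000)    # succeeds: nothing validates dst
    try:
        ctl.swap_checked(dai, rogue, 1_000)
        checked = "allowed"
    except PermissionError:
        checked = "rejected"
    ctl.swap_checked(dai, usdc, 500)         # legitimate swap still works
    return {"rogue": rogue.balance, "checked": checked,
            "usdc": usdc.balance, "dai": dai.balance, "flagged": ctl.audit()}

if __name__ == "__main__":
    print(demo())
```
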
Back by popular demand. Again, with everything on DeFi being on-chain, we can connect firms & addresses.
A breakdown of some of the known Ethereum addresses of a16z, Celsius, Nexo. Also, a look at addresses *likely* operated by firms like Alameda, Struck Capital, & more.
👇
a16z's (1/2) interesting because it became the first "mainstream" VC to go big on DeFi tokens.
They have $26m in MKR, $2m in SNX, and $1.5m in REP.
Of note, they're up $11m in their MKR.
a16z (2/2)
What I really remember about this address is others in the space eyeing it last year:
Someone deposited $250k of SNX into the address.
We still don't know if it was a16z.
Not much else to say though - I guess Pool 2 yield farming isn't in their mandate.
Tranches in finance are when a financial product/vehicle is split up into separate baskets to divvy up risk and yields to appeal to different investors.
There are junior tranches, which carry the most risk. If there is a default/crash, junior tranche holders take most losses.
To acquire Saffron Finance's governance token, SFI, users must deposit ETH-SFI Uniswap LP tokens or deposit into the two supported tranches, the "S" (senior) tranche and the "A" (junior) tranche.
- S tranche gets 71.25% of emissions
- A tranche gets 3.75%
- Uniswap LPs get 25%
Hands down one of the coolest DeFi products I've seen in recent months is Alpha Homora by @AlphaFinanceLab.
The product has seen a lot of attention over recent days as investors seek higher yields on Ethereum yield farming and liquidity mining.
Let's take a closer look.
👇
To put it simply, Alpha Homora allows users to obtain leverage on Ethereum yield farming.
It also automates the yield farming process, even if the user does not want to take leverage.
This is similar to what the @zapper_fi team did in its early days with Zaps.
When you want to LP one ETH into ETH/WBTC on Uniswap, you swap 0.5 ETH into WBTC, then supply both to the pool. Cool.
But let's say you want to collect more in trading fees or in UNI (if rewards are voted back in), you can take leverage of up to 2.5x (used to be like 3x).