Two hours ago, a suspicious transaction was seen involving Pickle's new pDAI jar.
$20m worth of DAI was withdrawn to an EOA, which funded the attack with 10 ETH from Tornado (mixer).
No flash loan was involved as first believed.
At this moment, the attack vector seems to be related to a function in the Pickle controller (v4), which can swap coins from one strategy to another.
Rumor has it that there was no check on the Jar Swap function. Pickle was audited but seemingly before this function was added.
Affected users are already contacting the attacker.
The first image here shows someone, a purported "nurse," asking for $100,000 back from the attacker. The use of the nurse bit was popularized last week with the Value attack, where the attacker returned $50k to a "nurse"
We're seeing @coverprotocol respond to this in real time.
Cover launched literally two days ago, and Pickle was a project it began providing cover for. There was $430,000 in cover available last time I checked.
Community seems to think it's a valid claim already.
Pickle devs are telling users to withdraw funds for the time being.
I suppose it's unclear if the bug in the controller contract can be exploited on other Jars.
Back by popular demand. Again, with everything on DeFi being on-chain, we can see connect firms & addresses.
A breakdown of some of the known Ethereum addresses of a16z, Celsius, Nexo. Also, a look at addresses *likely* operated by firms like Alameda, Struck Capital, & more.
👇
a16z's (1/2) interesting because it became the first "mainstream" VC to go big on DeFi tokens.
They have $26m in MKR, $2m in SNX, and $1.5m in REP.
Of note, they're up $11m in their MKR.
a16z (2/2)
What I really remember about this address is others in the space eyeing it last year:
Someone deposited $250k of SNX into the address.
We still don't know if it was a16z.
Not much else to say though - I guess Pool 2 yield farming isn't in their mandate.
Tranches in finance are when a financial product/vehicle is split up into separate baskets to divvy up risk and yields to appeal to different investors.
There are junior tranches, which carry the most risk. If there is a default/crash, junior tranche holders take most losses.
To acquire Saffron Finance's governance token, SFI, users must deposit ETH-SFI Uniswap LP tokens or deposit into the two supported tranches, the "S" (senior) tranche and the "A" (junior) tranche.
- S tranche gets 71.25% of emissions
- A tranche gets 3.75%
- Uniswap LPs get 25%
Hands down one of the coolest DeFi products I've seen in recent months is Alpha Homora by @AlphaFinanceLab.
The product has seen a lot of attention over recent days as investors seek higher yields on Ethereum yield farming and liquidity mining.
Let's take a closer look.
👇
To put it simply, Alpha Homora allows users to obtain leverage on Ethereum yield farming.
It also automates the yield farming process, even if the user does not want to take leverage.
This is similar to what the @zapper_fi team did in its early days with Zaps.
When you want to LP one ETH into ETH/WBTC on Uniswap, you swap 0.5 ETH into WBTC, then supply both to the pool. Cool.
But let's say you want to collect more in trading fees or in UNI (if rewards are voted back in), you can take leverage of up to 2.5x (used to be like 3x).