Share this page!

Igor Igamberdiev Profile picture
Twitter logo
13 Feb, 6 tweets, 2 min read
IronBank ($CREAM) was exploited on $37.5M, let’s take a quick look at what happened.👇

1/ Attacker used Alpha Homora for borrowing sUSD from IronBank.
Each time they borrow twice as much as in the previous one.
2/ They do this through two transactions and each time they lend the funds back into IronBank, receiving cySUSD.

3/ At some point exploiter took $1.8M USDC flash loan from Aave v2 and swapped USDC to sUSD using Curve.
4/ They lend these sUSD to IronBank, which allows them to continue borrowing and lending them, receiving cySUSD.

5/ Of course, some sUSD are spent on repayment of the flash loan.
6/ Also, a 10M USD flash loan is taken, which is also used to increase the number of cySUSD.

7/ In the end, the number of their cySUSD reaches an incredible amount, which allows them to borrow anything from IronBank.
8/ Then they borrow:
- 13.2k WETH
- 3.6M USDC
- 5.6M USDT
- 4.2M DAI
9/ Stablecoins have been deposited to Aave v2,
1k ETH to IronBank deployer,
1k ETH to Homora deployer,
220 ETH to Tornado,
100 ETH granted to Tornado
and almost 11k ETH remain on the exploiter balance.

etherscan.io/address/0x9053…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Igor Igamberdiev

Igor Igamberdiev Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @FrankResearcher

Igor Igamberdiev Profile picture
5 Feb
1/7
Flash loans became widely known a year ago, after the first bZx hack.

@TheBlockRes could not skip this topic, given the recent yDAI exploit with the largest use of flash loans yet.

I hope that you’re our Research subscriber and have access to it.
theblockcrypto.com/genesis/93740/…
2/7
A flash loan’s main idea is that the pool that lends funds must receive them back together with fees at the end of the transaction.

Many people know that the concept was proposed by Marble, but few know that someone used it.
3/7
@dydxprotocol has supported flash loans since launch, although it was discovered only after the first bZx hack.

Flash loans are absolutely free to use, which is why the $43.6B flash loan volume.

The main borrower is InstaDApp, and tbh I find their use case amazing.
Read 7 tweets
Igor Igamberdiev Profile picture
4 Feb
Ok, new DeFi exploit.

Victim:
- @iearnfinance

Attacker profit:
- 513k DAI
- 1.7M USDT
- remaining 506k 3CRV (~$1)

To obtain such a profit, the attacker executed 11 transactions.
Below is a very superficial explanation of what was happening in these transactions👇
1/ Flash loaned 116k ETH from dYdX
2/ Flash loaned 99k ETH from Aave v2
3/ Borrow 134M USDC and 129M DAI using ETH as collateral on Compound
4/ Add 134M USDC and 36M DAI to 3crv Curve pool
5/ Withdraw 165M USDT from 3crv Curve pool
6/ Repeat five times👇
- Deposit 93M DAI to yDAI vault (less w/ each time)
- Add 165M USDT to 3crv pool
- Withdraw 92M DAI from yDAI vault (less w/ each time)
- Withdraw 165M USDT from 3crv pool
7/ In the last time withdraw 39M DAI and 134M USDC instead USDT
8/ Repay Compound debts
9/ Repay flash loans
Read 4 tweets
Igor Igamberdiev Profile picture
22 Jan
1/8
Due to the high gas price, Ethereum fees are higher than ever.

My latest research piece focuses on one of the ways to reduce fees — gas tokens.

As usual, the piece contains many insights and charts, but here are a couple of thoughts.

Enjoy👇

theblockcrypto.com/genesis/91670/…
2/8
Gas tokens work by reducing the gas amount used by a transaction (gas refund).

The mechanics are as follows: a smart contract is created at a low gas price together with a token, which is then destroyed at a high gas price.
3/8
Until recently, the most popular gas token was GST2.

Token creation and destruction peaked in March 2020, when the market reached a local bottom.

This peak can be explained by the widespread use of this token by arbitrageurs and 1inch.
Read 8 tweets
Igor Igamberdiev Profile picture
21 Jan
1/5

Let’s go back to Curve’s SynthSwap and use a real example to calculate the benefits of using it for large trades.

Due to the way Synthetix works, trades using Virtual Synths are divided into two transactions. Consequently, people using SynthSwap carry certain price risks.
2/5
The first transaction:
1) 9M USDT swapped to 8.95M sUSD through Curve sUSD v2 pool (0.5% negative slippage)
2) 8.95M sUSD swapped to 6.69k sETH through Synthetix Exchange (0.3% fee) Image
3/5
The second transaction took place 37 minutes after the first:
3) 6.69k sETH swapped to 6.71k ETH through Curve sETH pool (0.3% positive slippage)

So in this trade, ETH price was $1,341. For comparison, CoinGecko gives us $1,330.6 as ETH price, but what about the slippage? Image
Read 5 tweets
Igor Igamberdiev Profile picture
19 Jan
1/7

Today is the time for another piece from the DeFi governance games.

And since the gas price is breaking another all-time-high, it's time to discuss how gasless voting and Snapshot work.

theblockcrypto.com/genesis/90887/…
2/7

Just look at the cost of governance participation for the protocols discussed in the previous series.

Do token holders really have any incentive to participate if they are spending $10+ on voting, which they may not be interested in at all?

I don’t think so Image
3/7

Earlier, it was already mentioned that Compound governance framework provides an opportunity to perform gasless voting using EIP-712.

However, the infrastructure using these signatures for governance is just beginning to evolve. Image
Read 7 tweets
Igor Igamberdiev Profile picture
10 Jan
The significant growth in new weekly Twitter followers affected not only crypto exchanges but also many others.

For example, the new weekly followers of coin accounts have reached levels of early December 2017.
Interest in cryptocurrency wallet providers and popular sites like Coinmarketcap is at the level of early February 2018.
The Twitter accounts of data providers and research companies did not have a long history back then.

At the moment, indicators of interest in them are breaking historical records.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @FrankResearcher has new unrolls!

Check out other threads from @FrankResearcher!

Read all threads by @FrankResearcher