Vahe Karapetyan Profile picture
Security Researcher | CTF @ MSLC | blockchain/web/pwn | CTO & Сo-Founder @hexensio
Dec 18, 2021 4 tweets 2 min read
Grim Finance(grim.finance) got hacked 2 hours ago
Estimated loss: $40mln

One of the attacking transactions: ftmscan.com/tx/0x19315e5b1…

Attack Analysis:
#FTM #ETH #BSC #GrimFinance #GrimExploit

1/4
1) Grab a Flashloan for XXX & YYY tokens (WBTC-FTM e.g.)
2) Add liquidity on SpiritSwap
3) Mint SPIRIT-LPs
4) call depositFor() in GrimBoostVault with token==ATTACKER, user==ATTACKER
5)Leverage token.safeTransferFrom for re-entrancy
6) goto (4)

2/4