Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The DEX tool Dexible was suspected of being attacked and lost about $2 million. According to the analysis, there is a logical loophole in the selfSwap function of the Dexible contract, which will call the fill function. This function has a call to the attacker's custom data, and the attacker constructs a transferfrom function in this data, and transfers other users (0x58f5f0684c381fcfc203d77b2bba468ebb29b098) address and its own attack address (0x684083f312ac50f538cc4b634d85a2feafaab77a), causing the tokens authorized by the user to the contract to be transferred by the attacker. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 2,000,000.
- chain
- —
- protocol
- Dexible
- bug_class
- logic
- date_occurred
- 2023-02-17
- loss_usd
- $2,000,000
- source_id
- sm:dexible::2023-02-17