Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Fei Labs, the development team of the decentralized stablecoin project Fei Protocol, tweeted that a vulnerability involving the ETH joint curve contract was discovered and disclosed on May 2 and the contract was immediately suspended. The vulnerability has not been exploited and will not affect any users. . This loophole will cause the flash loan market manipulation to exhaust Fei Protocol's Protocol Control Fund (PCV). In addition, Fei Protocol awarded the vulnerability discoverer Alexander Schlindwein a $800,000 TRIBE token reward. Currently, OpenZeppelin and Alexander Schlindwein have assisted in repair review and verification, sending ETH from the joint curve to the reserve stabilizer instead of the ETH-FEI Uniswap pool to eliminate the attack vector, and adding to the pool to prevent malicious arbitrage Other reviews. Attack method (per SlowMist): Contract Vulnerability. Reported loss: -.
- chain
- —
- protocol
- Fei Protocol
- bug_class
- flashloan
- date_occurred
- 2021-05-02
- loss_usd
- —
- source_id
- sm:fei-protocol::2021-05-02