Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Fei Protocol officially tweeted that it had noticed multiple exploits of Rari Capital's Fuse pool, had identified the root cause, and had suspended all lending to mitigate further losses. It also announced that the hackers would receive a bounty of 10 million US dollars if they returned user funds. According to earlier reports, Fei Protocol was attacked and the loss exceeded 28,380 ETH, about 80.34 million US dollars. The attacker's address was 0x6162759eDAd730152F0dF8115c698a42E666157F. The Rari Capital pool was attacked due to a classic reentrancy vulnerability: its exitMarket function has no reentrancy protection. Attack method (per SlowMist): Reentrancy Attack. Reported loss: $80,000,000.
- chain: —
- protocol: Fei Protocol & Rari Capital
- bug_class: reentrancy
- date_occurred: 2022-04-30
- loss_usd: $80,000,000
- source_id: sm:fei-protocol-rari-capital::2022-04-30