VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The attackers withdrew approximately 350 ETH (equivalent to $1.1 million) from Float Protocol’s Rari Capital pool. The reason is that Uniswap V3 FLOAT/USDC oracles lack liquidity, which allows attackers to manipulate the price in the pool and then deposit at a higher interest rate. The hackers returned about $250,000 for some reason. Attack method (per SlowMist): Price Manipulation. Reported loss: 350 ETH.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Float Protocol
- bug_class
- oracle
- date_occurred
- 2022-01-15
- loss_usd
- —
- source_id
- sm:float-protocol::2022-01-15
Related — same bug class· oracle