Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Smart contract automation tool Gelato Network tweeted: "We have been alerted to a critical vulnerability in Sorbet Finance's G-UNI router contract. This vulnerability only affects users interacting with the Sorbet UI." Gelato Network released a security incident investigation report stating that white hat hackers transferred a total of $27 million in assets to ensure the safety of user funds, but that $744,000 in funds was still hit by malicious MEV attacks. The project stated that this vulnerability is similar to the earlier dYdX vulnerability: the at-risk smart contract can make arbitrary low-level calls, intended for executing transactions on 1inch, which makes exploitation possible. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $744,000.
- chain: —
- protocol: Gelato Network
- bug_class: logic
- date_occurred: 2021-12-11
- loss_usd: $744,000
- source_id: sm:gelato-network::2021-12-11