VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The decentralized liquidity aggregation protocol Magpie Protocol was attacked due to a contract vulnerability, resulting in $129,000 being stolen from 221 wallets. The root cause is due to unchecked call data. The attacker called the contract's swap() function and passed in data which included a list of users to transfer tokens from. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 129,000.
Primary source
https://medium.com/@Magpieprotocol/magpie-protocol-smart-contract-vulnerability-post-mortem-f6400db0a25e ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Magpie Protocol
- bug_class
- external-call
- date_occurred
- 2024-04-23
- loss_usd
- $129,000
- source_id
- sm:magpie-protocol::2024-04-23
Related — same bug class· external-call