Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Opyn, an on-chain options platform, disclosed that its Ethereum put options were maliciously exploited by external participants. Opyn pointed out that all other Opyn contracts except Ethereum put options are not affected by this vulnerability. The attacker doubled the use of oToken and stole the mortgage assets of the put option seller. According to Opyn statistics, a total of 371,260 USDC has been stolen so far. Because the exercise function exercise() in the Opyn ETH Put smart contract does not perform real-time verification of the trader's ETH. According to the business logic of the Opyn platform, the buyer of the put option transfers the corresponding value of ETH to the seller to obtain the digital asset mortgaged by the seller. The cunning attacker first initiates a disguised transaction to himself, and uses the reusable feature of this ETH to initiate a transfer to the seller user again, thereby defrauding the seller's mortgaged digital assets. Attack method (per SlowMist): Contract Vulnerability. Reported loss: 371,260 USDC.
- chain
- ethereum
- protocol
- Opyn
- bug_class
- logic
- date_occurred
- 2020-08-04
- loss_usd
- —
- source_id
- sm:opyn::2020-08-04