Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
DeFi protocol Revest Finance has been hacked. Hackers stole nearly 7.7 million ECO, 579 LYXe, nearly 715 million BLOCKS, and over 350,000 RENA. According to SlowMist analysis, this attack is because the handleMultipleDeposits function in the tokenVault contract does not determine whether the newly minted NFT exists, so the attacker uses this point to directly modify the information of the NFT that has been minted, and in the Revest contract The key functions in this are not restricted by reentrant locks, which lead to being used by callbacks. Attack method (per SlowMist): Reentrancy Attack. Reported loss: $ 120,000.
- chain
- —
- protocol
- Revest Finance
- bug_class
- reentrancy
- date_occurred
- 2022-03-27
- loss_usd
- $120,000
- source_id
- sm:revest-finance::2022-03-27