Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The financial blogger "Super Bitcoin" stated on Weibo that Mr. Huai (weibo username "crash X") participated in the liquidity mining project Soda, and suddenly discovered a loophole in which 20,000 ETH can be directly liquidated Drop. But he chose to tell the development team, but the development team did not pay attention. He had no choice but to liquidate an ETH, and sent a Weibo warning to inform the developers of the existence of this bug. One hour later, the parties to the Soda agreement responded by prompting the borrower to repay and the mortgager to withdraw, and at the same time indicated that they would fix the loopholes and suspend the front-end borrowing function. But as of the early morning of September 21st, more than 400 ETH in Soda's mortgage loan pool were still maliciously liquidated. In the morning of the same day, the agreement officially stated on Twitter that the vulnerability has been fixed, and the newly deployed smart contract is expected to take effect at 21:00 on September 22. Attack method (per SlowMist): Unknown. Reported loss: 446 ETH.
- chain
- bitcoin
- protocol
- Soda
- bug_class
- unknown
- date_occurred
- 2020-09-20
- loss_usd
- —
- source_id
- sm:soda::2020-09-20