Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
The sPMM algorithm controlling the pricing of WOOFi trades on DEX WOOFi was exploited on Arbitrum. The exploit consisted of a sequence of flash loans that took advantage of low liquidity to manipulate the price of WOO in order to repay the flash loans at a cheaper price. The exploiter repeated this attack 3 times within a very short period of time, which netted about $8.75m in profits after returning the flash loans. Attack method (per SlowMist): Flash Loan Attack. Reported loss: $ 8,750,000.
- chain
- arbitrum
- protocol
- WOOFi
- bug_class
- flashloan
- date_occurred
- 2024-03-05
- loss_usd
- $8,750,000
- source_id
- sm:woofi::2024-03-05