Decentralized U.S. greenback stablecoin protocol Raft claims that regardless of a number of safety audits, the agency nonetheless suffered a safety exploit leading to the lack of $6.7 million final week.
According to the undertaking’s Nov. 13 autopsy report, a couple of days prior, a hacker borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) on decentralized finance protocol Aave, transferred the sum to Raft, and minted 6.7 million R tokens, Raft’s stablecoin, utilizing a sensible contract glitch.
The unauthorized minted funds had been then swapped off the platform by way of liquidity swimming pools on decentralized exchanges Balancer and Uniswap, netting $3.6 million in proceeds. The R stablecoin depegged after the assault.
According to the report:
“The primary root cause was a precision calculation issue when minting share tokens, which enabled the exploiter to obtain extra share tokens. The attacker leveraged the amplified index value to increase the worth of their shares.”
The sensible contracts exploited in the course of the incident had been audited by blockchain safety companies Trail of Bits and Hats Finance. “Unfortunately, the vulnerabilities that led to the incident were not detected in these audits,” Raft wrote.
The project said that since the Nov. 10 incident, it has filed a police report and is working with centralized exchanges to track down the flow of the stolen funds. All of Raft’s smart contracts are currently suspended, though users who minted R “retain the ability to repay their positions and retrieve their collateral.”
Decentralized stablecoins are minted with customers’ crypto deposits as collateral. In December 2022, decentralized stablecoin HAY depegged in opposition to the U.S. greenback after a hacker took advantage of a smart contract glitch and minted 16 million HAY with out correct collateral. The HAY stablecoin has since repegged, partly due to the protocol requiring a collateralization ratio of 152% on the time of the exploit as a part of its danger administration.
We are conscious of a possible safety vulnerability.
We are at the moment investigating and can present an replace as quickly as we will.
— Raft (@raft_fi) November 10, 2023
Related: September becomes the biggest month for crypto exploits in 2023
