DeFi Protocol Indexed Finance Gets Exploited For $16 Million

0
CryptoMode Exploits Google Apple Microsoft Indexed Finance

Even in late 2021, it is not uncommon for DeFi protocols to suffer some form of attack. For Indexed Finance, that attack occurred recently and involved $16 million being stolen from two indices. Although the smart contract has been fixed, it is still a severe warning for those blindly entrusting money to code on a blockchain. 

A Recap of The Indexed Finance Exploit

  • Indexed Finance suffered its first attack since launching in December 2020.

  • The attack saw $16m in funds being stolen from the DEFI5 and CC10 indices.

  • Through a pool rebalancing exploit, the attacker was able to perform multiple smaller attacks against both Indices.

  • Trouble began when the DEFI5 was ready for re-indexing, which occurs once a week. The value of UNI approximated the pool value for SUSHI.

  • Through an exploit, the attacker took $156 million of flash swaps for initialized assets of DEFI5 to purchase UNI from the Indexed Finance pool in chunks.

  • By forcing a minimum balance update on the controller and a low UNI balance in the pool, the pool’s approximated value was calculated at a very low amount.

  • The attacker minted new DEFI5 in chunks through these purchased UNI assets, inflating the pool supply significantly.

  • Moreover, the borrowed SUSHI was used to mint even more DEFI5, after which the DEFI5 were burned for all underlying assets, a  process that was repeated several times.

  • A similar exploit affected Index Finance’s CC10, although someone had done the re-indexing part already.

  • The developers have identified the issue in the smart contract and will modify it accodingly.

  • Affected users have yet to be compensated as no decision has been made to approach this aspect.


Looking to advertise? We will gladly help spread the word about your project, company, or service. CryptoMode produces high quality content for cryptocurrency companies. We have provided brand exposure for dozens of companies to date, and you can be one of them. All of our clients appreciate our value/pricing ratio. Contact us if you have any questions: [email protected]