Even in late 2021, it is not uncommon for DeFi protocols to suffer some form of attack. For Indexed Finance, that attack occurred recently and involved $16 million being stolen from two indices. Although the smart contract has been fixed, it is still a severe warning for those blindly entrusting money to code on a blockchain.
A Recap of The Indexed Finance Exploit
- Indexed Finance suffered its first attack since launching in December 2020.
- The attack saw $16m in funds being stolen from the DEFI5 and CC10 indices.
- Through a pool rebalancing exploit, the attacker was able to perform multiple smaller attacks against both indices.
- Trouble began when the DEFI5 was ready for re-indexing, which occurs once a week. The value of UNI approximated the pool value for SUSHI.
- Through an exploit, the attacker took $156 million of flash swaps for initialized assets of DEFI5 to purchase UNI from the Indexed Finance pool in chunks.
- By forcing a minimum balance update on the controller and a low UNI balance in the pool, the pool’s approximated value was calculated at a very low amount.
- The attacker minted new DEFI5 in chunks through these purchased UNI assets, inflating the pool supply significantly.
- Moreover, the borrowed SUSHI was used to mint even more DEFI5, after which the DEFI5 were burned for all underlying assets, a process that was repeated several times.
- A similar exploit affected Indexed Finance's CC10, although someone had done the re-indexing part already.
- The developers have identified the issue in the smart contract and will modify it accordingly.
- Affected users have yet to be compensated, as no decision has been made on how to approach this aspect.
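
The mispricing described in the recap, as a simplified model added here (not Indexed Finance's contract code): it shows why a pool value extrapolated from one token's current balance collapses when that balance is pushed down, and a guard that compares the balance to an earlier checkpoint. The formula, the 1% fraction, the 10% tolerance, and all names and numbers are assumptions constructed for illustration.

```python
from fractions import Fraction


class BalanceDeviationError(Exception):
    """Spot balance is too far from the recorded checkpoint to be trusted."""


def estimate_pool_value(anchor_balance, anchor_price, anchor_weight):
    # Assumed model: total pool value is extrapolated from ONE token,
    # i.e. (value of that token held) / (its weight share of the pool).
    return anchor_balance * anchor_price / anchor_weight


def min_balance_for_new_token(pool_value, new_token_price, fraction=Fraction(1, 100)):
    # Assumed rule: a newly indexed token needs this many units in the pool
    # (a fixed fraction of pool value) before it counts as initialized.
    return pool_value * fraction / new_token_price


def guarded_min_balance(spot_balance, checkpoint_balance, anchor_price,
                        anchor_weight, new_token_price,
                        max_deviation=Fraction(1, 10)):
    # Hardened variant: reject the update when the balance read inside the
    # current transaction differs too much from one recorded in an earlier block.
    deviation = Fraction(abs(spot_balance - checkpoint_balance), checkpoint_balance)
    if deviation > max_deviation:
        raise BalanceDeviationError(f"anchor balance moved by {float(deviation):.0%}")
    value = estimate_pool_value(checkpoint_balance, anchor_price, anchor_weight)
    return min_balance_for_new_token(value, new_token_price)


# Constructed sample values (not figures from the incident).
WEIGHT = Fraction(1, 5)        # anchor token is 20% of the index
PRICE_ANCHOR, PRICE_NEW = 25, 10
NORMAL_BALANCE, DRAINED_BALANCE = 1_000_000, 10_000


def unguarded(balance):
    value = estimate_pool_value(balance, PRICE_ANCHOR, WEIGHT)
    return value, min_balance_for_new_token(value, PRICE_NEW)


if __name__ == "__main__":
    print("normal :", unguarded(NORMAL_BALANCE))    # pool value 125,000,000
    print("drained:", unguarded(DRAINED_BALANCE))   # pool value 1,250,000
    try:
        guarded_min_balance(DRAINED_BALANCE, NORMAL_BALANCE,
                            PRICE_ANCHOR, WEIGHT, PRICE_NEW)
    except BalanceDeviationError as exc:
        print("guard rejected update:", exc)
```
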