‘Audited’ DeFi project Popsicle Finance gets exploited for $21 million |

CryptoSlate

Multichain yield platform Popsicle Finance ($ICE) suffered a significant exploit today, resulting in a loss of $21 million.

Initial reports claim attackers took advantage of a flaw in the fee accounting mechanism, draining several tokens in the process.

etherscan.io

What’s more, the protocol in question, Sorbetto Fragola, was audited by Peckshield. Arguably giving investors a false sense of confidence in the robustness of the smart contract.

How To Get Free Crypto  

“Sorbetto Fragola allows for users to provide funds, that are then used to liquidity provide (LP) on Uniswap V3, with the Popsicle strategy making sure that the funds are never outside of the LP range.”

This latest incident further calls into question the purpose of smart contract audits and whether they have any merit at all.

What happened with Popsicle Finance?

Peckshield published its audit of Sorbetto Fragola on GitHub on June 28.  But strangely, that audit report seems to be missing pages from the start of the report.

Nonetheless, their smart contract code review turned up six coding bugs, four of which were classed as medium severity, one low severity, and one informational.

The report states five of the six bugs were fixed, with the medium severity issue of “Incorrect Amount Calculation In burnLiquidityShare()” being “Confirmed.”

Coinbase Banner  

The noted bugs did not mention flaws to do with fee accounting.

In the post mortem of what happened, Peckshield said issues related to proper fee accounting enabled the hacker to collect rewards they were not entitled to. Repeating the process across seven other pools multiplied their gains.

“The hack was due to the lack of proper fee accounting when LP tokens are transferred. Specifically, the attacker creates three contracts A, B, and C and repeats in the sequences of A.deposit(), A.transfer(B), B.collectFees(), B.transfer(C), C.collectFees() for eight pools.”

@peckshield on Twitter.com

The end result was a total loss of $20.7 million consisting of 2.6K WETH, 5.4M USDC, 5M USDT, 160K DAI,10K UNI, and 96 WBTC.

CipherTrace warn that DeFi fraud is at record levels

Blockchain analytics firm CipherTrace reports that while crypto crime is declining in 2021, DeFi fraud is at record levels.

For the four months to April 2021, crypto criminals stole $432 million, with 56% of that, or $240 million, coming from DeFi related crime.

The CEO of CipherTrace, Dave Jevans said as DeFi gets bigger, bad actors will continue to exploit inadequate smart contract security.

FreeBitcoin Banner  

“…bad actors will seek to take advantage of the hype to draw people into scams and hackers will seek out projects that have launched without performing adequate security audits, exploiting loopholes encoded in the smart contracts.”

Peckshield concluded that Sorbetto Fragola had a “clearly organized” codebase, and that identified issues were fixed or confirmed. But this is little consolation for investors who lost money.

Get an edge on the cryptoasset market

Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.

On-chain analysis

Price snapshots

More context

Join now for $19/month Explore all benefits

Posted In: DeFi, Hacks

Like what you see? Subscribe for updates.

Go to Source
Author: Samuel Wan


Recommended Crypto Services, Products and Strategies:

The first thing any crypto investor needs is is a reliable and secure Crypto Wallet.  Whether you’re looking for an online wallet, hardware wallet, desktop or mobile wallet, Crypto Renegade provides you with all the Best Crypto Wallets in each category.

Best Crypto Wallets Banner

When you’re ready to buy more crypto, or exchange your coins for others, Crypto Renegade’s list of the Best Crypto Exchanges has you covered.  The Crypto Exchanges recommended here offer everything from simplicity and convenience to advanced trading platforms and profit sharing. 

Best Crypto Exchanges Banner

If you want to learn more about the methods and tools that can be used to find Great Crypto Projects, then be sure to check out Crypto Renegade’s strategy for How To Find The Best Cryptocurrency.

Crypto Strategy Banner

For those people that don’t have any money to invest right now, or just want to understand the technology a bit more, you’ll definitely want to check out Crypto Renegade’s Free Crypto Strategy and start collecting Free Coins today!

Free Crypto Banner

What do you think about cryptocurrency? Do you have any questions about it? Be sure to leave a comment below.

This site uses Akismet to reduce spam. Learn how your comment data is processed.