SafeDollar exploit root cause analysis
The Exploit
At around 3:48 AM UTC on Jun 28, a hacker managed to mint a huge amount of SDO (an algo stablecoin on Polygon) and dumped them into the market.
How many?
831,309,277,244,108,000 SDO
That’s a lot.
As a result, the hacker has taken out 202k USDC and 46k USDT. And of course it also crashed the price of SDO to 0.
How?
There was one large transaction before the actual exploit transaction above:
In this transaction, the hacker deposited and withdrawal ~2.3M PLX token 101 times, get a lesser amount each time because of the transfer tax of PLX, ended up getting only 2M PLX at the last time.
Seems like a bad deal? Not really.
The hacker then sent the second transaction to claim the reward and got 831,309,277,244,108,000 SDO as the reward.
The Root Cause
As the 101 times of deposit and withdrawal drained the balance of PLX to near zero, the accSdoPerShare skyrocketed (to 1142913215739484400 per PLX in case you would like to find out the exact number).
You might recall one recent exploit that’s very similar to this one: the Garuda exploit. Yeah, that’s the same deal, mishandling of tokens with transfer tax.
How come projects keep falling into the same trap again and again.
Those who cannot learn from history are doomed to repeat it.
About Us
WatchPug is a smart contract security team with the goal of elevating the security, privacy, and usability of the current DeFi ecosystem. For the need for smart contract auditing, please contact us at Twitter or Telegram.
Donation: 0x227d72Ec9f332292523f64032DD25111676404aA
