Decentralized finance [DeFi] protocol Rari Capital was exploited on Saturday after an attacker siphoned off nearly 2,600 ETH, or approximately $10 million.
In a post-mortem report, Rari Capital co-founder David Lucid revealed that the funds were extracted from the protocol’s Ethereum Pool before the contracts were halted and the attacker was stopped. The net loss equated to 60% of all users’ funds in the Ethereum Pool.
What exactly unfolded at Rari Capital’s ETH Pool?
The Rari Capital Ethereum Pool deposits ETH into Alpha Finance’s ibETH token as one of the DeFi platform’s yield-generating strategies. The strategy tracks the value of its ibETH as ibETH.totalETH() / ibETH.totalSupply(). The exploit was related to this ibETH vault, inside which the attacker reportedly executed a few steps repeatedly. The following steps were carried out in a loop:
- A flash loan of Ether [ETH] was taken from the non-custodial decentralized exchange dYdX.
- Ether [ETH] deposited into the Rari Capital Ethereum Pool.
- The ibETH valuation was manipulated by inflating it artificially high.
- More Ether [ETH] was withdrawn from the platform’s Ethereum Pool than the attacker had deposited, because the pool’s balances were artificially inflated.
- At the end of ibETH.work, the value of ibETH.totalETH() bounced back to its true value, which left the Rari Capital Ethereum Pool’s balances lower than they were prior to the exploit. The attacker ended up withdrawing far more than it deposited, since the balance had been artificially pumped.
The Rari Capital contributors had not realized that ibETH.totalETH() could be manipulated for the duration of these external calls from ibETH.work. Furthermore, the exploited code had reportedly been audited by blockchain security platform Quantstamp.
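The accounting failure described above can be reproduced in a small simulation. The following Python model is an added example, not Rari Capital or Alpha Finance code: a toy ibETH-style vault whose share price is totalETH / totalSupply, a pool that values its position by that spot ratio, a work() call during which totalETH is temporarily higher, and a hypothetical rate-deviation guard (the max_rate_move parameter, an assumption of this example, not the fix Rari shipped) that refuses to act when the ratio has jumped more than 10% since the pool’s last trusted reading. The deposit amounts and the 100 ETH inflation are constructed values.

```python
# Added simulation (not Rari Capital or Alpha Finance code) of a pool valuing
# ibETH by the spot ratio totalETH / totalSupply while that ratio is inflated
# during the vault's external call, plus a hypothetical rate-deviation guard.


class IbEthVault:
    """Toy ibETH-style vault; share price is totalETH / totalSupply."""

    def __init__(self):
        self.total_eth = 0.0
        self.total_supply = 0.0

    def rate(self):
        # ETH per ibETH; 1.0 for an empty vault so the first mint is well defined
        return self.total_eth / self.total_supply if self.total_supply else 1.0

    def mint(self, eth):
        ib = eth / self.rate()
        self.total_eth += eth
        self.total_supply += ib
        return ib

    def redeem(self, ib):
        eth = ib * self.rate()
        self.total_eth -= eth
        self.total_supply -= ib
        return eth

    def work(self, temp_eth, callback):
        # Models ibETH.work: totalETH is temporarily higher while an external
        # call runs, and returns to its true value when the call finishes.
        self.total_eth += temp_eth
        try:
            callback()
        finally:
            self.total_eth -= temp_eth


class Pool:
    """Toy Ethereum pool holding ibETH; max_rate_move is the hypothetical guard."""

    def __init__(self, vault, max_rate_move=None):
        self.vault = vault
        self.ib_tokens = 0.0
        self.shares = {}
        self.total_shares = 0.0
        self.max_rate_move = max_rate_move
        self.last_rate = vault.rate()

    def _trusted_rate(self):
        # Guard: refuse to act if the spot ratio moved more than max_rate_move
        # since the last reading; a yield vault does not legitimately jump 50%
        # within a single call.
        rate = self.vault.rate()
        if self.max_rate_move is not None:
            if abs(rate - self.last_rate) / self.last_rate > self.max_rate_move:
                raise RuntimeError("ibETH rate deviated beyond guard bound")
        self.last_rate = rate
        return rate

    def value(self):
        # Pool value as the vulnerable code saw it: ibETH held times spot ratio
        return self.ib_tokens * self.vault.rate()

    def deposit(self, user, eth):
        self._trusted_rate()
        value_before = self.value()
        minted = eth * self.total_shares / value_before if self.total_shares else eth
        self.ib_tokens += self.vault.mint(eth)
        self.shares[user] = self.shares.get(user, 0.0) + minted
        self.total_shares += minted

    def withdraw(self, user, shares):
        rate = self._trusted_rate()
        eth_out = shares / self.total_shares * self.value()
        ib_burn = eth_out / rate
        self.shares[user] -= shares
        self.total_shares -= shares
        self.ib_tokens -= ib_burn
        return self.vault.redeem(ib_burn)


def simulate(guarded):
    """Honest user deposits 100 ETH, attacker deposits 100 ETH, then withdraws
    while the vault's ratio is inflated by 100 ETH inside work()."""
    vault = IbEthVault()
    pool = Pool(vault, max_rate_move=0.10 if guarded else None)
    pool.deposit("alice", 100.0)
    pool.deposit("attacker", 100.0)
    paid = {"eth": 0.0}

    def during_work():
        paid["eth"] = pool.withdraw("attacker", 100.0)

    try:
        vault.work(100.0, during_work)  # constructed inflation amount
        succeeded = True
    except RuntimeError:
        succeeded = False
    return {
        "attack_succeeded": succeeded,
        "attacker_eth_out": paid["eth"],
        "pool_value_after": pool.value(),
    }


if __name__ == "__main__":
    print(simulate(guarded=False))  # attacker out 150 ETH, pool left with 50
    print(simulate(guarded=True))   # withdrawal rejected, pool still worth 200
```

Without the guard the attacker’s 100 shares are valued at the inflated 1.5 ETH/ibETH ratio and redeem for 150 ETH; once work() finishes, the remaining ibETH is worth only 50 ETH, so the honest depositor carries the loss. The deviation bound is a heuristic and an assumption of this example; the structural fix is to never value a position from a ratio that can be read while the underlying vault is mid-call.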
Discussing steps to mitigate the risk of future attacks, Lucid stated,
“Of course, we hope to enlist more top auditing firms other than Quantstamp and Omniscia. We already have another audit planned with OpenZeppelin.”
The native token behind the DeFi protocol, the Rari Governance Token [RGT], crashed by more than 20% following the exploit. It was changing hands at $13.86 after the drop. It also gave up its weekly gains, down 5.96%.