Discover more from Verichains
Verichains Weekly Security Digest | May 2023 Week 2
Last week, the DeFi market lost over $8 million to exploits. with the $DEI token in the spotlight for first, losing $7 million, then managing to recover 80% within 3 days.
🚨Project: LEVEL Finance
💥Type: Business Logic Flaw
💸Loss amount: $1 million
A DeFi project called LEVEL Finance was hacked for $1 million due to a bug introduced into the Referral Controller Contract within the claimMultiple() function, which allowed an attacker to siphon 214k LVL from the contract and converts it to 3,345 BNB. The bug was caused by a line of code that did not correctly accumulate the reward amount, resulting in an alternating positive sequence. The Level team has taken steps to secure the contract, and a fix will be implemented once the timelock expires.
💥Type: Access Control
💸Loss amount: $90,000
A project called Melo Token experienced an exploit that resulted in a loss of $90,000. The exploit occurred due to an error in the mint function, which allowed anyone to generate new tokens. Consequently, an attacker was able to create a substantial number of tokens and utilize them to withdraw a significant amount of valuable tokens in pairs. At the time of writing, Melo Token Twitter has been inactive since September 2021.
💥Type: Wrong Implementation
💸Loss amount: $7 million
A DeFi project called DEUS was hacked for 7 million last week due to a flaw in the burnFrom function of the ERC20 implementation allows an attacker to transfer DEI tokens from any account to their own by manipulating the approval process and exploiting the function's parameters.
At the time of writing, the DEUS DAO had collaborated with white hats and recovered 80% of the fund.