THELOGICALINDIAN - According to Cream Finance the drudge was accomplished by way of reentrancy on the AMP badge contract
Cream Finance has appear a above drudge that a $34 actor loss, according to the team.
Reentrancy Bug Behind Cream Finance Exploit
Cream Finance has been exploited.
The DeFi lending agreement appear its CREAM V1 bazaar had been targeted Monday.
The hacker took advantage of a reentrancy bug on the badge arrangement for AMP, a Consensys-backed agenda accessory badge listed aural the dApp. The accumulation and borrowing on AMP tokens accept been paused.
According to the latest amend by the team, the advance amount a absolute of 460 actor AMP tokens and 2804 ETH (valued at about $34 million).
The hacker accomplished the drudge application a flash loan afore base the reentrancy bug. Reentrancy-based vulnerabilities are one of the best accepted types of aegis bugs in acute contracts.
Cream Finance is a lending and borrowing agreement that takes afflatus from Compound. It angled the DeFi dejected dent and added altered asset pools and its own babyminding token. AMP acclimated the ERC-1820 (based on ERC-777) badge standard, which accustomed for a reentrancy function.
Smart arrangement aegis close PeckShield, which led the antecedent analysis, told Crypto Briefing that there ability be a “composability accident amid Compound-based lending protocols and ERC-777-like tokens”.
PeckShield’s analysis shows that the accomplishment began back the hacker took out a beam loan of 500 ETH and deposited it as accessory to borrow 19 actor AMP tokens. Then, the hacker re-borrowed 355 ETH by leveraging the reentrancy bug. The hacker self-liquidated the accommodation and again the action assorted times to abstract funds.
The CREAM badge has suffered a almost accessory hit in the fallout, trading bottomward 4.8% at about $167.
Update: The estimated absolute amount of the baseborn cryptoassets has been adapted to reflect the latest information.