The Analysis of the Array Finance Security Incident

Figure 1
Figure 2
  • First, the attacker invoked the buy function of the Array Finance. The attacker gained 430 ARRAY tokens minted by the Array Finance using 45.91 WETH.
  • Then the attacker invoked the joinPool function of a closed source contract (Array Collater - 0xa800cda5) five times. He/she deposited 676,410.58 DAI + 679,080.46 USDC + 901.82 WETH + 20 WBTC + 20 renBTC and gained 726.38 aBPT tokens minted by Array Collater.
  • The attacker invoked the sell function to burn 430 ARRAY tokens and got 77.17 aBPT tokens.
  • At last, the attacker invoked the exitPool function of the Array Collater. He/she burned 804.55 aBPT tokens obtained in previous two steps and obtained 748,271.55 DAI + 751,225.08 USDC + 997.62 WETH + 22.63 WBTC + 22.74 renBTC.

Summary

--

--

--

A Blockchain Security and Data Company.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

CyberVein Weekly Report

WILL COVID-19 LEAD TO MORE CYBERTHREATS?

How CyberVein Can Boosts the Covid-19 Medical Supply Chain?

Applications of the Merkle Tree Data Structure

Bug Bounty Up To $250.000 USD

What Is The Concept of Network Security and Troubleshooting

network security troubleshooting scenarios
 network security troubleshooting
 modern network security issues and challenges

Introducing the PERI Finance UniSwap Liquidity Mining Rewards Program

{UPDATE} Kelime Dehası 2 Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
BlockSec

BlockSec

A Blockchain Security and Data Company.

More from Medium

[Not All Tokens Are Good] The quick analysis of the Paraluni attack

Altcoin project hacked: 136,000 tokens withdrawn in seconds ⚠️

Lunaray Security Scan Report

Knownsec Blockchain Lab | Discussion on the extractable value of miners (MEV)