The Analysis of the Array Finance Security Incident

Figure 1
Figure 2
  • First, the attacker invoked the buy function of the Array Finance. The attacker gained 430 ARRAY tokens minted by the Array Finance using 45.91 WETH.
  • Then the attacker invoked the joinPool function of a closed source contract (Array Collater - 0xa800cda5) five times. He/she deposited 676,410.58 DAI + 679,080.46 USDC + 901.82 WETH + 20 WBTC + 20 renBTC and gained 726.38 aBPT tokens minted by Array Collater.
  • The attacker invoked the sell function to burn 430 ARRAY tokens and got 77.17 aBPT tokens.
  • At last, the attacker invoked the exitPool function of the Array Collater. He/she burned 804.55 aBPT tokens obtained in previous two steps and obtained 748,271.55 DAI + 751,225.08 USDC + 997.62 WETH + 22.63 WBTC + 22.74 renBTC.

Summary

--

--

--

A Blockchain Security and Data Company.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Jobs For Veterans in Information Security are Growing Rapidly

Security and clarity is not expensive, it is priceless

Meet Our Partners: HYPESALT

HTB: Lame Writeup w/o Metasploit

ftp anonymous login

Binance Chain Wallet and How to Move BNB from Binance.us to BSC

No place for a false sense of (cyber) security

Instructions for Infostealer.Bancos.BG Removal

What’s the big deal with encryption?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
BlockSec

BlockSec

A Blockchain Security and Data Company.

More from Medium

Dopple Finance’s $KUSD and Synthetic Assets Manual Minting Analysis

DeFi Security Lecture 3— Sandwich Attacks

Knownsec Blockchain Lab | Interesting Smart Contract Honeypot Analysis (PART 2)

Avoiding Rug Pulls at Web3, Part 1: Tech