The Real Root Cause of the Vee Finance Security Incident

The whole process

There is an external function called createOrderERC20ToERC20 that can be invoked by any users to create a token swap, using the ctoken obtained through putting the collateral into the contract. The ctoken has an underlying token that represents the real token.

Conclusion

In summary, the attacker exploits the missing check of the ctokenB. Since the ctokenB is not a trusted one, then the underlying token returned by ctokenB cannot be trusted. However, the price oracle has NOT been compromised in this attack.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
BlockSec

BlockSec

The BlockSec Team focuses on the security of the blockchain ecosystem and the research of crypto hack monitoring and blocking, smart contract auditing.