Harvest finance got hacked for around $34M due to a flashloan attack which manipulated the price in the Curve pool to retrieve more USDT tokens than originally deposited USDT amount in fUSDT pool. This attack was also possible on other f-pools using the same set of steps described below. But the attacker chose not to continue. If the attack had continued, the attacker would have walked away with ~$400M worth of assets.
Harvest is a type of yield farming protocol the same as YFI (Yearn Finance). It gathers yields from various lending protocols and optimizes for the maximum gain to return to depositors. The attacker performed an arbitrage attack by using a large flash loan.
https://ethtx.info/mainnet/0x9d093325272701d63fdafb0af2d89c7e23eaf18be1a51c580d9bce89987a2dc1/
We will be focusing on this specific transaction to understand the hack.
https://etherscan.io/tx/0x9d093325272701d63fdafb0af2d89c7e23eaf18be1a51c580d9bce89987a2dc1
We have put together a GitHub repository to reproduce the attack. Here is the Github repo:
https://github.com/abdulsamijay/Defi-Hack-Analysis-POC/tree/master/src/harvest-finance
Also read :
Pickle Finance Hack Analysis & POC.
Orion Protocol Hack Analysis- February 4, 2023
Kokomo Finance – Hack Analysis (March 27, 2023)
Dforce Network – February 13, 2023
Cream Finance Hack: What Motivates Hackers To Return Stolen Funds?
A comprehensive introduction to smart contract security audit and preparation of relevant interview questions.
The AI and blockchain integration can help overcome some of the limitations of each technology…
Decentralized exchanges (DEXs) have disrupted the cryptocurrency trading landscape by introducing trustless and transparent platforms…
Marking a monumental milestone in its journey from an innovative peer-to-peer cash system to a…
Illiquid Marketplaces is a common problem with various underlying factors. Information asymmetry, where one party…
Data has become the vigor of the digital age, powering industries, economies, and societies worldwide.…
This website uses cookies.