Connect with us

News

Midas Capital loses $660,000+ in a jAssets flash loan attack

Published

on

Midas Capital, a DeFi lending and borrowing platform paused borrowing on its Jarvis Polygon pool citing a suspicious transaction. The transaction, according to Midas Capital, involved a recently added collateral token. The exploit was detected on the Polygon protocol, with the attacker gaining over 663,101 MATIC, worth about $660,000 in fiat equivalent. The transaction was funded by HitBTC, and the profit was transferred in parts to HitBTC, KuCoin, and Binance. 

The attack was explained by BlockSec Team to be due to an “unexcepted external call before updating critical variables- reentrancy & miscalculation of the token prices.” Midas Capital over-estimated the attack contract’s position and lent excessive assets to the contract, Block Sec said.

“The attacker spent 270K WMATIC used as collateral and minted 131k jFIAT token. After the price changed back and forth, the attacker then created another contract and used 1/10 of the borrowed amount to liquidate the debt and redeem 103k jFIAT token,” Ancilia, Inc reported. “The loan gains were caused by re-entry and price manipulations for jFIAT tokens. During the native token WMATIC send, the attacker used the re-entry opportunity to borrow more.” 

Midas Capital discussed with the Jarvis Network team, listed, and added WMATIC-stMATIC Curve LP for the pool’s users with supply caps of close to 250k. The listed asset was manipulated via a flash loan, allowing the attacker to inflate the LP token price, and borrow against it.

There were supply caps in place to prevent large transactions, however, even with the supply caps, the price increase was enough to let the attacker borrow jAssets worth 600k.

“We wrongly assumed that being a pool composed of only wrapped assets (ERC20s), the re-entrance attack that we had seen in the past would not affect us when using the chain’s native token’s `raw_call`. Well, that was a misjudgement, Midas Capital acknowledged

Read also; 

Talent migration to drive adoption of crypto games in 2023: CMC Report

What do you think of this article? Share comments below. 

0 0 votes
Article Rating
Advertisement Earnathon.com
Click to comment
0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Crypto News Update

Latest Episode on Inside Blockchain

Crypto Street

Advertisement



Trending

ALL Sections

Recent Posts

0
Would love your thoughts, please comment.x
()
x