Weak fortifications surrounding the project’s oracle and governance process allowed the invading hacker to pass a malicious proposal and manipulate the price of collateral.
However, with $3M gone, will this leave Fortress in ruins?
The protocol’s price oracle was vulnerable to manipulation because its submit() function, which sets the reported price, was publicly callable: anyone could write an arbitrary price for an asset, with no check on who was submitting.
Coupled with a malicious proposal to add FTS as collateral (with a collateral factor of 700000000000000000, i.e. 0.7 scaled by 1e18, so 70% of the collateral’s oracle value could be borrowed against), the attacker was able to drain all assets from the platform using just 100 FTS (~$4.5 at pre-hack prices) as collateral.
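To make the two weaknesses concrete, the following Python model is an added example (not Fortress’s contract code, and not code from rekt): an oracle whose submit() has no access control beside a hardened version, and the borrow-capacity arithmetic that turns a manipulated FTS price plus the 0.7e18 collateral factor into a drain of the pool. The $0.045 honest price, the $50,000 manipulated price, the reporter name, the 10% deviation limit and the $3M pool liquidity are assumptions, not figures from the article.

```python
"""Constructed model of a price oracle with a publicly callable submit() and a
lending market that trusts it when computing borrow capacity.  Not Fortress's
code; names, prices and balances are assumptions for illustration."""

WAD = 10**18  # 18-decimal fixed point, the scaling of the 700000000000000000 factor


class PublicOracle:
    """Oracle with no access control on submit(): any caller sets any price."""

    def __init__(self):
        self.prices = {}

    def submit(self, caller, asset, price_wad):
        # No check on `caller`: this is the defect.
        self.prices[asset] = price_wad

    def price(self, asset):
        return self.prices[asset]


class GuardedOracle(PublicOracle):
    """Hardened oracle: only registered reporters may submit, and a submission
    that moves the price by more than max_deviation_bps from the last accepted
    value is rejected (a circuit breaker, not a substitute for a sound source)."""

    def __init__(self, reporters, max_deviation_bps=1_000):
        super().__init__()
        self.reporters = set(reporters)
        self.max_deviation_bps = max_deviation_bps

    def submit(self, caller, asset, price_wad):
        if caller not in self.reporters:
            raise PermissionError(f"{caller} is not an authorised reporter")
        last = self.prices.get(asset)
        if last:
            deviation_bps = abs(price_wad - last) * 10_000 // last
            if deviation_bps > self.max_deviation_bps:
                raise ValueError(f"price moved {deviation_bps} bps, limit {self.max_deviation_bps}")
        self.prices[asset] = price_wad


def borrow_capacity_wad(oracle, asset, amount_wad, collateral_factor_wad):
    """USD (wad) a borrower may draw: amount * oracle price * collateral factor."""
    value_wad = amount_wad * oracle.price(asset) // WAD
    return value_wad * collateral_factor_wad // WAD


def drained_wad(oracle, asset, amount_wad, collateral_factor_wad, pool_liquidity_wad):
    """What a borrower can actually pull: capacity capped by what the pool holds."""
    capacity = borrow_capacity_wad(oracle, asset, amount_wad, collateral_factor_wad)
    return min(capacity, pool_liquidity_wad)


# Constructed scenario: 100 FTS at an assumed honest price of $0.045, the 0.7e18
# collateral factor from the proposal, and an assumed $3M of lendable assets.
FTS = "FTS"
COLLATERAL_FACTOR = 700_000_000_000_000_000  # 0.7 * WAD -> 70%
ATTACKER_FTS = 100 * WAD                      # 100 tokens with 18 decimals
HONEST_PRICE = 45 * WAD // 1000               # $0.045 per FTS (assumed)
MANIPULATED_PRICE = 50_000 * WAD              # $50,000 per FTS (assumed)
POOL_LIQUIDITY = 3_000_000 * WAD              # $3M in the pool (assumed)


def run_public_oracle():
    """Returns (borrowable at honest price, borrowable after attacker's submit)."""
    oracle = PublicOracle()
    oracle.submit("reporter", FTS, HONEST_PRICE)
    honest = drained_wad(oracle, FTS, ATTACKER_FTS, COLLATERAL_FACTOR, POOL_LIQUIDITY)
    oracle.submit("attacker", FTS, MANIPULATED_PRICE)  # accepted: no access control
    manipulated = drained_wad(oracle, FTS, ATTACKER_FTS, COLLATERAL_FACTOR, POOL_LIQUIDITY)
    return honest, manipulated


def run_guarded_oracle():
    """Returns (names of the exceptions that blocked bad submits, borrowable)."""
    oracle = GuardedOracle(reporters={"reporter"})
    oracle.submit("reporter", FTS, HONEST_PRICE)
    rejected = []
    # Unauthorised caller, then an authorised caller pushing an implausible jump.
    for caller, price in (("attacker", MANIPULATED_PRICE), ("reporter", MANIPULATED_PRICE)):
        try:
            oracle.submit(caller, FTS, price)
        except (PermissionError, ValueError) as exc:
            rejected.append(type(exc).__name__)
    return rejected, drained_wad(oracle, FTS, ATTACKER_FTS, COLLATERAL_FACTOR, POOL_LIQUIDITY)


if __name__ == "__main__":
    honest, manipulated = run_public_oracle()
    print(f"honest price:      borrowable ${honest / WAD:,.2f}")
    print(f"manipulated price: borrowable ${manipulated / WAD:,.2f}")
    print("guarded oracle:", run_guarded_oracle())
```

With the honest price, 100 FTS backs a loan of about $3.15; after one unauthenticated submit() the same 100 FTS backs $3.5M of capacity, which is more than the pool holds, so the borrower takes everything. The guarded oracle blocks both the unauthenticated write and an authorised-but-implausible jump, but it does nothing about the other half of the problem on this page: governance listing a thinly traded token as collateral at a 70% factor in the first place.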
The attack was funded with ETH (on BSC), originally sourced from Tornado Cash on mainnet. The funds were then swapped for large quantities of FTS, which were used both to reach quorum for the malicious proposal and as collateral.
Following the exploit, the attacker deposited a total of 1048 ETH ($2.6M) and 400k DAI into Tornado Cash.
Oracle attack tx: 0x13d198…
The project’s site lists ChainLink among its “collaboraters” (sic), however it seems that their oracle expertise was not part of the “collaboration”.
Even though the attacker was able to reach quorum on their own, the malicious governance proposal was open for 3 days. Why was the suspicious vote not addressed in that window?
Once again, we see that taking a vigilant role in governance is important, not just for the team but for all users.
Will the larger JetFuel Finance ecosystem bail out users for the lost funds?