TheStandard.io Hack Analysis

TheStandard.io Hack Analysis

Overview:

On November 6, 2023, TheStandard.io suffered an attack due to a lack of slippage protection, leading to an approximate loss of over 290K USD.

Smart Contract Hack Overview:

• Attacker address: 0x09ed48
• Vulnerable Contract: 0x29046f
• Attack contract: 0xb589d4
• Attack Transaction: 0x51293c

Decoding the Smart Contract Vulnerability:

• The exploitation’s root cause was the absence of slippage protection during collateral swapping, resulting in a loss of approximately $290K.
• The attacker initiated a CDP (SmartVaultV2) by using 10 WBTC as collateral to generate 290,000 EUROs.
• Following this, the attacker compelled the SmartVaultV2 contract to conduct a manipulated swap in the WBTC/PAXG pool, leveraging a previously opened sole position.
• This manipulation enabled the draining of liquidity and the seizure of all WBTC collateral from the SmartVaultV2 contract.
• Consequently, the protocol incurred bad debt, while the attacker profited from the minted EUROs.

Mitigation and Best Practices:

• Always validate your code by writing comprehensive test cases that cover all the possible business logic.
• To prevent such vulnerabilities, the best Smart Contract auditors must examine the Smart Contracts for logical issues. We at CredShields provide smart contract security and end-to-end security of web applications and externally exposed networks. Schedule a call at https://credshields.com/
• Scan your Solidity contracts against the latest common security vulnerabilities with 130+ detections at SolidityScan

Conclusion:

SolidityScan is an advanced smart contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup

Follow us on our Social Media for Web3 security-related updates.
SolidityScan — LinkedIn | Twitter | Telegram | Discord