Amber Group: Vulnerability In Mai Finance’s Vault Has Been Fixed

Key Points:

  • On October 18, 2022, two vaults belonging to Mai Finance (SCSEMVT and YCSEMVT) contained a significant vulnerability, according to a statement from Amber Group’s blockchain security team.
  • Due to this flaw, an attacker might manipulate the price of the collateral, take out the whole amount from the pool, and escape with bad debts.
  • On October 19, Amber Group approached the QiDao team. On October 20, the QiDao team launched a fresh Oracle contract after confirming the problem and developing a solution.
On October 18, 2022, two of Mai Finance’s vaults (SCSEMVT and YCSEMVT) included a significant vulnerability that was found by Amber Group’s blockchain security team. Due to this flaw, an attacker might manipulate the price of the collateral, take out the whole amount from the pool, and escape with bad debts.
Amber Group: Vulnerability In Mai Finance's Vault Has Been Fixed

Users may borrow stablecoin (MAI) at 0% interest through Mai Finance, a zero-interest lending system. Anyone may establish QiDao vaults and put down assets to be used as security for loans.

With the overcollateralized stablecoin system known as Mai, loans are always secured by having more value locked than the debt.

ChainSecurity revealed a new type of reentrancy flaw in Curve in the middle of October 2022. The so-called read-only reentrancy vulnerability enables an attacker to revisit the get virtual price() oracle function through a carefully written smart contract and obtain an inflated LP token price in return, opening the door for criminals to benefit.

Amber Group: Vulnerability In Mai Finance's Vault Has Been Fixed

To get the price of an LP token produced from the pegged assets of a stable swap pool, a lending protocol linked with Curve LPs often employs the oracle function offered by Curve and named get virtual price().

For the time being, the attacker is free to alter the execution flow any way they choose. What happens if the attacker calls get virtual price() once more in the fallback function’s initial line? The virtual price increases when the quantity of Curve LP tokens is reduced, and the balances are not updated. Then, another batch of underlying assets might be removed, or even some pools could be drained using the manipulated pricing.

The QiDao’s YCSEMVT vault modified get virtual price() as one of the sources to estimate the collateral price as a result of becoming one of the targets of the new read-only reentrancy attack.

Amber Group: Vulnerability In Mai Finance's Vault Has Been Fixed

On October 19, Amber Group approached the QiDao team. On October 20, the QiDao team launched a fresh Oracle contract after confirming the problem and developing a remedy.

On October 24, the same vulnerability was exploited on Polygon, but it was not related to QiDao.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Harold

Coincu News

Amber Group: Vulnerability In Mai Finance’s Vault Has Been Fixed

Key Points:

  • On October 18, 2022, two vaults belonging to Mai Finance (SCSEMVT and YCSEMVT) contained a significant vulnerability, according to a statement from Amber Group’s blockchain security team.
  • Due to this flaw, an attacker might manipulate the price of the collateral, take out the whole amount from the pool, and escape with bad debts.
  • On October 19, Amber Group approached the QiDao team. On October 20, the QiDao team launched a fresh Oracle contract after confirming the problem and developing a solution.
On October 18, 2022, two of Mai Finance’s vaults (SCSEMVT and YCSEMVT) included a significant vulnerability that was found by Amber Group’s blockchain security team. Due to this flaw, an attacker might manipulate the price of the collateral, take out the whole amount from the pool, and escape with bad debts.
Amber Group: Vulnerability In Mai Finance's Vault Has Been Fixed

Users may borrow stablecoin (MAI) at 0% interest through Mai Finance, a zero-interest lending system. Anyone may establish QiDao vaults and put down assets to be used as security for loans.

With the overcollateralized stablecoin system known as Mai, loans are always secured by having more value locked than the debt.

ChainSecurity revealed a new type of reentrancy flaw in Curve in the middle of October 2022. The so-called read-only reentrancy vulnerability enables an attacker to revisit the get virtual price() oracle function through a carefully written smart contract and obtain an inflated LP token price in return, opening the door for criminals to benefit.

Amber Group: Vulnerability In Mai Finance's Vault Has Been Fixed

To get the price of an LP token produced from the pegged assets of a stable swap pool, a lending protocol linked with Curve LPs often employs the oracle function offered by Curve and named get virtual price().

For the time being, the attacker is free to alter the execution flow any way they choose. What happens if the attacker calls get virtual price() once more in the fallback function’s initial line? The virtual price increases when the quantity of Curve LP tokens is reduced, and the balances are not updated. Then, another batch of underlying assets might be removed, or even some pools could be drained using the manipulated pricing.

The QiDao’s YCSEMVT vault modified get virtual price() as one of the sources to estimate the collateral price as a result of becoming one of the targets of the new read-only reentrancy attack.

Amber Group: Vulnerability In Mai Finance's Vault Has Been Fixed

On October 19, Amber Group approached the QiDao team. On October 20, the QiDao team launched a fresh Oracle contract after confirming the problem and developing a remedy.

On October 24, the same vulnerability was exploited on Polygon, but it was not related to QiDao.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Harold

Coincu News