According to Grim Finance, it was an “advanced attack” in which hackers exploited a flaw in the vault contract.
Grim Finance, a DeFi protocol and Smart Yield Optimizer platform, has announced that the platform was hacked on Saturday 18th in an “advanced attack” that allowed hackers to steal over $30 million worth of Fantom Tokens.
In a series of tweets, Grim Finance explained that the attack was possible because unknown attackers exploited a flaw in its vault contract. As a result, the platform has paused all the vaults to avoid further damage, as deposited funds are currently at risk.
“The attacker attacked using the function titled beforeDeposit() from our vault strategy entering a malicious token contract,” the Grim team said.
The malicious token contract can start 5 reentrancy loops from safeTransferFrom(), where in all 5 reentrancies, the _pool value is set to the current balance(). On the last safeTransferFrom(), the reentrancy loop is broken, and some want can be transferred to the strategy,
— Grim Finance (@financegrim) December 19, 2021
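The accounting flaw described in the tweet can be modelled in a few lines. The following Python sketch is an added example, not Grim Finance's contract code: it assumes a vault that mints shares from the balance difference around an external token call, and shows the same deposit with and without a reentrancy lock. All class names, amounts and the share formula are constructed for illustration.

```python
# Constructed model, not Grim Finance's contract: names and numbers are assumptions.
class Reentered(Exception):
    pass

class Vault:
    def __init__(self, guarded, want=1000, shares=1000):
        self.guarded, self.locked = guarded, False
        self.want = want              # balance(): want tokens the vault holds
        self.total_shares = shares    # shares already held by honest depositors
        self.shares = {}

    def deposit_for(self, token, amount, user):
        if self.guarded and self.locked:
            raise Reentered("deposit_for re-entered")     # nonReentrant-style lock
        self.locked = True
        try:
            pool = self.want                              # _pool = balance()
            token.safe_transfer_from(self, amount, user)  # call into caller-supplied token
            credited = self.want - pool                   # balance delta, trusted as the deposit
            minted = credited * self.total_shares // pool
            self.shares[user] = self.shares.get(user, 0) + minted
            self.total_shares += minted
        finally:
            self.locked = False

class ReenteringToken:
    """Stand-in for a token contract whose transfer hook calls back into the vault."""
    def __init__(self, loops):
        self.loops = loops

    def safe_transfer_from(self, vault, amount, user):
        if self.loops > 0:
            self.loops -= 1
            vault.deposit_for(self, amount, user)  # nested frame records the same pool
        else:
            vault.want += amount                   # only now does real want arrive

def run(guarded, loops=5):
    vault = Vault(guarded)
    try:
        vault.deposit_for(ReenteringToken(loops), 100, "depositor")
    except Reentered:
        return "reverted", vault.shares.get("depositor", 0), vault.want
    return "minted", vault.shares["depositor"], vault.want
```

In the unguarded run every nested frame sees the same starting balance, so a single 100-token transfer is credited six times; with the lock, the first callback fails and no shares are minted.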
Although all vaults have been paused, Grim Finance is allowing users to