Bonzo Finance, a lending protocol in the Hedera ecosystem, suffered an oracle attack, with losses of about $9,000,000

robot
Abstract generation in progress

Golden Finance reports that on July 11, the Hedera-based lending protocol Bonzo Finance suffered an oracle attack, with losses of about $9 million. The attacker used collateral after the SAUCE token price was abnormally inflated. They borrowed assets from the protocol far exceeding their real value. Bonzo’s preliminary incident report shows that the attacker initially deposited only 250 SAUCE, then submitted a single price update to artificially raise the token price by about 12 orders of magnitude. After that, the address borrowed $6.63 million USDC and 34.5 million wrapped HBAR (wHBAR) from the lending pool.

It is claimed that this attack was not due to any vulnerability in Bonzo’s smart contracts or Hedera’s underlying network itself, but rather stemmed from a vulnerability in the oracle validator on the oracle service provider Supra. Its incorrect validation accepted SAUCE price data with a signature set to zero. Supra has since confirmed the issue and completed the fix.

HBAR-0.66%
SAUCE-1.23%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned