Decentralized finance (DeFi) protocol Dough Finance has lost $1.8 million in digital assets following a flash loan attack.
On July 12, Web3 security firm Cyvers detected multiple suspicious transactions and reached out to the lending protocol Aave to verify if its pools were affected. Cyvers confirmed that Aave’s pools remained secure.
Details of the Attack
Despite Aave being unaffected, Dough Finance took a significant hit. According to Cyvers, the attacker used the zero-knowledge (ZK) protocol Railgun to fund the attack and swapped the stolen USD Coin (USDC) for Ether (ETH), totaling 608 ETH worth approximately $1.8 million.
Exploit Mechanics
Web3 security provider Olympix identified the vulnerability as unvalidated calldata within the “ConnectorDeleverageParaswap” contract. Olympix explained:
“The contract didn’t properly check the data it received during flash loan calls, allowing the attacker to manipulate it for their benefit.”
This flaw enabled the attacker to manipulate the contract data and steal the funds.
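The kind of validation Olympix describes as missing, shown as an added example (not Dough Finance's code and not part of the original article): a flash loan callback in the shape of Aave V3's executeOperation that checks the caller, the initiator and the decoded calldata before acting on it. The contract name, the allow-listed router and selector, and the layout of params are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical contract, not the exploited one.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

contract ValidatedFlashLoanReceiver {
    address public immutable pool;         // trusted lending pool (assumption)
    address public immutable swapRouter;   // only external call target permitted
    bytes4 public immutable swapSelector;  // only router function permitted

    error UntrustedCaller();
    error UntrustedInitiator();
    error TargetNotAllowed();
    error SelectorNotAllowed();
    error SwapFailed();

    constructor(address pool_, address router_, bytes4 selector_) {
        pool = pool_;
        swapRouter = router_;
        swapSelector = selector_;
    }

    // Same parameter list as Aave V3's IFlashLoanSimpleReceiver callback.
    function executeOperation(
        address asset, uint256 amount, uint256 premium,
        address initiator, bytes calldata params
    ) external returns (bool) {
        // Only the pool may invoke the callback.
        if (msg.sender != pool) revert UntrustedCaller();
        // Only loans this contract requested itself are honoured.
        if (initiator != address(this)) revert UntrustedInitiator();

        // Assumed params layout: (call target, calldata for that target).
        (address target, bytes memory swapData) = abi.decode(params, (address, bytes));
        if (target != swapRouter) revert TargetNotAllowed();
        if (swapData.length < 4 || bytes4(swapData) != swapSelector) revert SelectorNotAllowed();

        (bool ok, ) = target.call(swapData);
        if (!ok) revert SwapFailed();

        // Let the pool pull back principal plus fee.
        IERC20(asset).approve(pool, amount + premium);
        return true;
    }
}
```

Pinning the target and selector still leaves the swap arguments themselves (recipient, amounts, token path) to be validated against the position being deleveraged.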
Impact and Recommendations
Olympix noted that users who had deposited funds in the exploited contract could be affected. However, the hack did not impact Aave’s pools. The security firm advised Dough Finance users to withdraw their funds to a secure wallet and to stay updated with announcements from the Dough Finance team. Users are also urged to avoid interacting with the protocol until the issue is fully
Summary Review: The flash loan attack on Dough Finance, resulting in a $1.8 million loss, highlights the ongoing vulnerabilities within the decentralized finance (DeFi) sector. This incident underscores the importance of robust security measures and thorough validation processes in smart contracts to protect against such exploits. Users of Dough Finance are advised to withdraw their funds to secure wallets and remain vigilant for updates from the protocol’s team. This event serves as a crucial reminder for the entire DeFi community to prioritize security and continuously monitor and update protocols to safeguard digital assets.
Disclaimer: Remember that nothing in this article, or anything else under the responsibility of Web30 News, should be interpreted as financial advice. The information provided is for entertainment and educational purposes only. Investing in cryptocurrency involves inherent risks, and potential investors should be aware that capital is at risk and returns are never guaranteed. It is imperative that you conduct thorough research and consult with a qualified financial advisor before making any investment decision.