Rekt - Value DeFi

Did they really know flashloan?

The value of a reputation is volatile. Humility brings stability, boast too much and you end up rekt.

Value DeFi was exploited today for $7,000,000. Another harsh lesson from the flash loan family.

Price before hack - $2.73

Price after hack - $1.87

Releasing this tweet a day before the hack?

PRICELESS

(The tweet has since been deleted, but our screenshot lives on.)

Despite their bold claims of security, it appears the Value DeFi team didn’t know that withdrawals could be made not only through the main Bank contract, but also from the Vault contract through Proxy.

Value DeFi used Curve spot price as an oracle.

The manipulation occurred at steps 5 and 6.

Withdrawal at step 7 is using the wrong Curve function to do the maths.

Credit @emilianobonassi

Credit @FrankResearcher

15:24 - The exploit came at a particularly bad time for Value DeFi, just 20 minutes before they were due to start an AMA.

At 15:41 a user asked about the drop in TVL, which had been over $11M earlier in the day

At 15:42, concern was growing, and group members hoped for a UI bug.

Then at 15:49 the etherscan link dropped into the chat

$7,000,000 had been removed from the Value DeFi vault, with $2,000,000 and the following note returned.

At 16:00, just as the AMA was due to start, Stani Kulechov put out the following tweet.

Meanwhile, in the AMA:

The Value team acknowledged the hack in their Discord at 16:05, yet the AMA questions continued for 40 minutes on unrelated topics, until…

$FARM, $AKRO and now $VALUE have been victims of the flash loan, as harsh lessons are dealt out to weak protocols, exposing the weaknesses in their platforms before returning some amount as a sign of “good faith”.

Only semi-reputable projects have been targeted; those with high activity and a reasonable TVL.

Are these attacks an attempt to teach us something?

Flash loans are a controversial topic in the DeFi space, they’ve been behind many attacks and exploits in recent months, however it could be argued that this is simply accelerating our learning process and aiding in the removal of weak protocols.

Without flash loans, we would be waiting for a whale to do the same. It’s best that we pass through this stage now, during the genesis stage of decentralised finance, as people who are prepared to take risks are experimenting, trying, and releasing new products daily.

Flash loans are here to teach and humble anyone who rushes this process. They are the pinnacle of DeFi - impossible anywhere else, flash loans are a perfect example of the new capabilities that this technology brings.

A feature of DeFi, not an exploit of the code.

The strongest protocols aren’t affected by these attacks. Some are even benefiting.

Flash loans forcibly raise the bar for DeFi developers.

Until the new standards are met, people and protocols will get rekt. It will be painful, and it will be public, but because of this we will learn. DeFi will get stronger, and we will develop better practices, stronger code, and a safer environment for future users.

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C

disclaimer:

REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.

Value DeFi - REKT

Iron Finance - REKT

Blood in the streets II

Furucombo - REKT

SUBSCRIBE NOW