DODO Details $3.8 Million DeFi Attack in Post Mortem

In Brief
  • As much as $3.8 million was drained in the attack.

  • DODO has recovered $1.89 million from one attacker.

  • Token price down nearly 6% since the daily open.


The DODO decentralized exchange (DEX) has carried out a post mortem on the attack which resulted in as much as $3.8 million being drained.


BeInCrypto broke the news on March 9 that the DODO DEX had come under attack and a number of its liquidity pools were drained. At the time, $2.1 million was suspected to have been drained from several DODO v2 crowdpools. However, the post mortem carried out by the team suggests it could be more.

DODO explained in the post mortem that the v2 crowdpooling smart contract had a bug that allowed its init() function to be called multiple times. An exploiter can therefore create a counterfeit token and initialize the smart contract with it by calling init().


The attacker calls another function and sets the “reserve” variable, which represents the token balance, to zero. The init() function is used again to re-initialize with a “real” token. This allows the execution of a flash loan to transfer all the real tokens from the pools.
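
The bug class described above, shown as an added example that is not DODO's contract code or part of the post mortem: an initializer with no one-time guard next to a guarded one. The contract names, the single `token`/`reserve` layout and the `Initialized` event are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified, hypothetical pool; names and storage layout are assumptions
// for illustration and do not reproduce DODO's crowdpooling contract.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Before: nothing records that init() has already run, so any later call
// replaces the token the pool accounts for and recomputes the reserve.
contract PoolUnguardedInit {
    IERC20 public token;
    uint256 public reserve;

    function init(address token_) external {
        token = IERC20(token_);
        reserve = token.balanceOf(address(this));
    }
}

// After: init() succeeds exactly once. A second call reverts, so the token
// address and the reserve derived from it are fixed for the pool's lifetime.
contract PoolGuardedInit {
    IERC20 public token;
    uint256 public reserve;
    bool private initialized;

    // Emitted once per pool; monitoring can alert on any pool address
    // that attempts or logs initialization more than once.
    event Initialized(address indexed token, address indexed caller);

    function init(address token_) external {
        require(!initialized, "already initialized");
        require(token_ != address(0), "zero token address");
        initialized = true; // set the flag before any external call
        token = IERC20(token_);
        reserve = token.balanceOf(address(this));
        emit Initialized(token_, msg.sender);
    }
}
```

When reviewing a pool contract, check that every function able to set the token address or the reserve is covered by a guard like this or by an access check.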

Some DODO Funds Returned

DODO stated that it had managed to recover $1.89 million and that the team is in the process of returning these funds to the affected parties. That leaves around $1.91 million stolen in the attack.

Allegedly, two individuals participated in the exploit. The second had “all the hallmarks of a frontrunning bot”. The first individual has already contacted DODO and offered to send back the funds removed from pools.

The exploits didn’t affect trading, and wallet addresses that had DODO approvals are also unaffected.

Rekt Blog also ran an analysis on the attack. It stated that $2 million is a relatively small sum for an anonymous actor to take. Referring to the nature of hackers (black hats vs. white), it added:

“It’s likely that the colour of the hat changes according to the sums of money that are available. Small sum = white hat for clout – Big sum = take it and add it to the other millions.”

DODO Token Price Update

DODO’s native token survived the incident relatively unscathed, trading flat around $4 over the past couple of days. It had a short spike to $4.26 during the morning of March 10 but quickly started to fall back. It is currently registering a 6% fall on the day to $3.84.

DODO hit an all-time high of $8 following the launch of liquidity farming on Binance in late February.

The total value locked on the DEX is currently $39 million. This is up marginally from yesterday’s levels but down 29% from before the exploit.


Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.
