my smol brain 🤏🧠
— 찌 G 跻 じ ⚡️ 🔑 (@DegenSpartan) August 4, 2020
attackers used the exploit below on @opyn_
looks like they started with flashloans to buy oETH from uniswap to exercise
then they realized fuckit they should just mint oETH themselves
waiting for someone else to confirm and also do the bodycount ☠️ https://t.co/bt2AsWFBue
“This exploit allowed an attacker to “double exercise” oTokens and steal the collateral posted by certain sellers of these puts,”the company said.
Removing Liquidity
The team explained that they’ve removed liquidity from ETH Put pools on Uniswap “to prevent others from buying these oTokens.” They also removed the ability to purchase ETH Puts on the DeFi website.The team offered a 20% premium via Deribit for existing oToken holders to buy any ETH Put oTokens.Hey all, it seems like there has been an issue with some oTokens contracts. We are working hard on understanding this issue so we can let help users as best we can. We have removed liquidity from Uniswap in the mean time. Would be best to not open new vaults at the moment.
— opyn (@opyn_) August 4, 2020
“This only applies to oTokens that were bought before today,”co-founder Alexis Gauba said on Discord (Opyn’s messaging platform). Opyn said that it’s taking serious measures in order to rebuild lost trust among its users. The company is working with samczsun from Trail of Bits to develop a whitehat patch. This has helped to remove 439,170 USDC collateral from outstanding vaults. It continued:
“We are working on designing a plan to mitigate the impact on ETH put sellers.”The exploit has not affected ETH Call, COMP Put, BAL Put, cToken Put, or aToken Put products, the team mentioned. Opyn will also reimburse “ETH put sellers in full” who were affected by the vulnerability.
Disclaimer
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.