Pickle Finance Postmortem Details How $19 Million DAI was Pilfered

Share Article
In Brief
The Trust Project is an international consortium of news organizations building standards of transparency.

A number of experts have attempted to break down the exploit that plagued the Pickle Finance decentralized finance protocol over the weekend, and have concluded that it was a highly complex attack.



Late Nov 21, the DeFi stablecoin yield farming protocol Pickle Finance lost almost $20 million through a flash loan attack on its Dai ‘pickle jar,’ or liquidity farm. As reported by BeInCrypto, the team behind the protocol asked ‘farmers’ to extract their collateral, leading to its native token price collapsing by over 50%.

As the digital dust settles, a number of DeFi researchers have delved deeper into the incursion to uncover exactly what happened.


Harvest Finance Hack

Breaking Down the Pickle Attack

Yearn Finance core developer ‘banteg’ [@bantg] worked in collaboration with the Pickle Finance team and a number of other white hats to reproduce the attack and publish the technical details.

The coder suggested there were several flaws in the system that allowed such a vulnerability to be exploited;

“Taking advantage of multiple flaws in the system, including issues with the Jar swap and Jar convert logic, the attacker was able to craft a sophisticated exploit to carry out the heist.”

The attack, which has been dubbed ‘Evil Jar,’ was able to be reverse-engineered as Pickle Jars are forked versions of v1 Yearn Vaults with modifications.

A Controller smart contract governs the jars and the latest version has a direct swap function. It was this feature that was exploited, enabling the attacker to craft an ‘Evil Jar’ contract making it possible to drain funds from the Controller.

Developer ‘vasa’ [@vasa_develop] created a graphical interpretation of the attack which he claimed has been one of the most intricate hacks in the ecosystem so far.

Vasa added that 19.7 million DAI were lost in the hack and about $50k DAI was rescued after reverse-engineering the attack.

Highly Sophisticated

Cornell computer scientist ‘orb_x_ball’ [@orbxball] also weighed in on the sophisticated attack;

“There are actually 8 flaws utilized in this exploit. YET, there’s one thing worth pointing out. This exploit only happens when these 8 flaws occur at the same time.”

It was also pointed out on another postmortem blog that the attacker had excellent knowledge of Solidity and EVM (Ethereum Virtual Machine), and had likely been paying close attention to the Yearn code for some time since Pickle jars originated from yVaults.

Pickle Finance had patched the exploited smart contract adding that jars were now safe from this particular attack vector.

At the time of press, PICKLE token prices were trading at $11.75, still down more than 50% since before the attack and liquidity had yet to return to the beleaguered protocol.

The attack comes less than a month after Harvest Finance was hit with a flash loan exploit.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

$200 reward waiting for you — Deposit, Trade, Follow and Claim today!


Limited offer! Learn to mine and trade crypto today for free