A number of experts have attempted to break down the exploit that plagued the Pickle Finance decentralized finance protocol over the weekend, and have concluded that it was a highly complex attack.
Late Nov 21, the DeFi stablecoin yield farming protocol Pickle Finance lost almost $20 million through a flash loan attack on its Dai ‘pickle jar,’ or liquidity farm. As reported by BeInCrypto, the team behind the protocol asked ‘farmers’ to extract their collateral, leading to its native token price collapsing by over 50%.
As the digital dust settles, a number of DeFi researchers have delved deeper into the incursion to uncover exactly what happened.
Breaking Down the Pickle Attack
The coder suggested there were several flaws in the system that allowed such a vulnerability to be exploited;
“Taking advantage of multiple flaws in the system, including issues with the Jar swap and Jar convert logic, the attacker was able to craft a sophisticated exploit to carry out the heist.”
The attack, which has been dubbed ‘Evil Jar,’ was able to be reverse-engineered as Pickle Jars are forked versions of v1 Yearn Vaults with modifications.
A Controller smart contract governs the jars and the latest version has a direct swap function. It was this feature that was exploited, enabling the attacker to craft an ‘Evil Jar’ contract making it possible to drain funds from the Controller.
Developer ‘vasa’ [@vasa_develop] created a graphical interpretation of the attack which he claimed has been one of the most intricate hacks in the ecosystem so far.
Vasa added that 19.7 million DAI were lost in the hack and about $50k DAI was rescued after reverse-engineering the attack.
Cornell computer scientist ‘orb_x_ball’ [@orbxball] also weighed in on the sophisticated attack;
“There are actually 8 flaws utilized in this exploit. YET, there’s one thing worth pointing out. This exploit only happens when these 8 flaws occur at the same time.”
It was also pointed out on another postmortem blog that the attacker had excellent knowledge of Solidity and EVM (Ethereum Virtual Machine), and had likely been paying close attention to the Yearn code for some time since Pickle jars originated from yVaults.
Pickle Finance had patched the exploited smart contract adding that jars were now safe from this particular attack vector.
At the time of press, PICKLE token prices were trading at $11.75, still down more than 50% since before the attack and liquidity had yet to return to the beleaguered protocol.
The attack comes less than a month after Harvest Finance was hit with a flash loan exploit.