Pickle Finance Postmortem Details How $19 Million DAI was Pilfered

2 mins
23 November 2020, 06:49 GMT+0000
Updated by Kyle Baird
23 November 2020, 07:03 GMT+0000
In Brief
  • Pickle Finance attack was highly sophisticated.
  • As many as eight design flaws were exploited.
  • 19.7 million Dai were stolen from the protocol.
  • promo

A number of experts have attempted to break down the exploit that plagued the Pickle Finance decentralized finance protocol over the weekend, and have concluded that it was a highly complex attack.

Late Nov 21, the DeFi stablecoin yield farming protocol Pickle Finance lost almost $20 million through a flash loan attack on its Dai ‘pickle jar,’ or liquidity farm. As reported by BeInCrypto, the team behind the protocol asked ‘farmers’ to extract their collateral, leading to its native token price collapsing by over 50%.

As the digital dust settles, a number of DeFi researchers have delved deeper into the incursion to uncover exactly what happened.

Harvest Finance Hack

Breaking Down the Pickle Attack

Yearn Finance core developer ‘banteg’ [@bantg] worked in collaboration with the Pickle Finance team and a number of other white hats to reproduce the attack and publish the technical details.

The coder suggested there were several flaws in the system that allowed such a vulnerability to be exploited;

“Taking advantage of multiple flaws in the system, including issues with the Jar swap and Jar convert logic, the attacker was able to craft a sophisticated exploit to carry out the heist.”

The attack, which has been dubbed ‘Evil Jar,’ was able to be reverse-engineered as Pickle Jars are forked versions of v1 Yearn Vaults with modifications.

A Controller smart contract governs the jars and the latest version has a direct swap function. It was this feature that was exploited, enabling the attacker to craft an ‘Evil Jar’ contract making it possible to drain funds from the Controller.

Developer ‘vasa’ [@vasa_develop] created a graphical interpretation of the attack which he claimed has been one of the most intricate hacks in the ecosystem so far.

Vasa added that 19.7 million DAI were lost in the hack and about $50k DAI was rescued after reverse-engineering the attack.

Highly Sophisticated

Cornell computer scientist ‘orb_x_ball’ [@orbxball] also weighed in on the sophisticated attack;

“There are actually 8 flaws utilized in this exploit. YET, there’s one thing worth pointing out. This exploit only happens when these 8 flaws occur at the same time.”

It was also pointed out on another postmortem blog that the attacker had excellent knowledge of Solidity and EVM (Ethereum Virtual Machine), and had likely been paying close attention to the Yearn code for some time since Pickle jars originated from yVaults.

Pickle Finance had patched the exploited smart contract adding that jars were now safe from this particular attack vector.

At the time of press, PICKLE token prices were trading at $11.75, still down more than 50% since before the attack and liquidity had yet to return to the beleaguered protocol.

The attack comes less than a month after Harvest Finance was hit with a flash loan exploit.


BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.