Home Web3 SecurityCrypto Hacks & Exploits COVER exploit: Business bug caused Unlimited Minting

COVER exploit: Business bug caused Unlimited Minting

by ImmuneBytes
COVER exploit: Business bug caused Unlimited Minting

Initiated at 08:08 AM +UTC, Dec 28, an anonymous hacker walked out with $12 quintillion worth of COVER because of a DeFi bug that allowed the hacker to mint infinite $COVER tokens. 

Although there was no damage done to the COVER protocol, the token behind it i.e. the Blacksmith?s contract, was exploited. The incident occurred due to a bug in the business logic of the protocol that miscalculated the reward amount for staking users. 

Even though the incident leads to the unlimited minting of COVER tokens, these minted tokens were ditched at various DEX platforms, lowering down the token value drastically. Speculations are, it was a white-hat operation and the gains from the exploit have already been reinstated to the team.

More on the Business Logic Bug

According to the post-mortem done by Cover, Pool memory pool = pools[_lpToken]; is the line of code that caused the whole facade.

pasted image 0 (1)

Source: https://github.com/CoverProtocol/cover-token-mining/blob/main/contracts/Blacksmith.sol#L118

Explaining further, this particular LOC caused the updating of the pool state to be ineffective on the miner?s state when depositing.

pasted image 0 (2)

Source: https://github.com/CoverProtocol/cover-token-mining/blob/main/contracts/Blacksmith.sol#L121

This misalignment in the smart contract code enabled the Blacksmith to mint more rewards to the miner. This bug was present in the Blacksmith contract from the day it was deployed, after being audited.

The Aftermath

The team at Cover Protocol asked the users to remove their liquidity from the COVER/ETH pool on Sushiswap and to also refrain from buying any more COVER tokens.

?Hello everyone, we are exploring providing a NEW $COVER token through a snapshot before the minting exploit was abused. The 4350 ETH that has been returned by the attacker will also be handled through a snapshot to the LP token holders. We are still investigating. Do NOT buy COVER?, said the Cover team in a tweet.

As contemplated, the $Cover price plummeted from an average of $800 down to $50 within a few hours and is most likely to continue declining as the word spreads about the breach.

Key Takeaways

  • Blacksmith?s Contract was exploited.
  • The hacker was able to mint the COVER token to a minimum value.
  • Gains of 4350 ETH have already been returned by the hacker.
  • $COVER plummeted down to $50.

We sincerely hope such incidents are effectively reduced as we set foot into a new year but until then it?s on you to stay safe and choose wisely. Connect with the team at ImmuneBytes for all your smart contract security fixes.

You may also like