WOOFi offers bounty after $8.75 million exploit on Arbitrum
Quick Take
- WOOFi reported an $8.75 million exploit on its swap service on Arbitrum.
- The team offered the unknown attacker a 10% white hat bounty in exchange for return.
Decentralized finance platform WOOFi reported an exploit targeting its swap offering on the Arbitrum network, resulting in a loss of about $8.75 million in cryptocurrencies.
At 10:49 am ET on Tuesday, an unknown attacker manipulated the platform’s Synthetic Proactive Market Making (sPMM) algorithm through a series of flash loans, taking advantage of the low liquidity to drastically affect the WOO token’s price.
The attacker borrowed around 7.7 million WOO tokens along with other assets and sold them on WOOFi, the team noted in a post-mortem report. This action caused the sPMM algorithm to incorrectly value the project's native token WOO at near-zero prices.
The exploiter then capitalized on this abnormal pricing to swap out 10 million WOO at minimal costs, repeating this process three times in a short span, netting themselves substantial illicit gains.
The anomaly was promptly detected by WOOFi’s transaction monitoring system and other security teams active in crypto, leading to the suspension of WOOFi Swap’s smart contracts by about 11 am ET to prevent further losses and initiate an investigation.
WOOFi’s sPMM algorithm simulates the dynamics of centralized exchanges to offer users optimal pricing. However, an unexpected error in the algorithm’s interaction with WOO’s liquidity conditions on Arbitrum enabled this exploit, according to the the team.
Other WOOFi products such as WOOFi Stake, Earn, and Pro, remain unaffected and operational.
A 10% whitehat bounty was offered
In response to the incident, WOOFi offered the attacker a 10% white hat bounty for the return of the stolen funds. The team stressed it will address the vulnerabilities before redeploying the WOOFi Swap contracts.
"We will work with top security firms to ensure these vulnerabilities are identified at an earlier stage. This is the first time an incident like this has happened to us, and we want to make sure it doesn't happen again," it noted.
The price of each WOO token across various exchanges dropped by 18% after the incident, falling from $0.59 to $0.49. It has now rebounded to above $0.54, according to The Block's price page.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
