Kyberswap

Intro

This incident happened on 11/22/2023. The loss is around 46 million dollars.

Here is a post mortem:

https://twitter.com/0xdoug/status/1727613541115429314

This attack is a variation of a known issue in Kyberswap:

That known issue

This attack

The attack drained 3 pools individually using the same method. WLOG we will look at the ETH/wstETH pool.

The attack started with a flashloan of 10000 wstETH, then swap 2800 wstETH into the pool. Now the price of wstETH drops from 1.05 ETH to 0.0000152 ETH.

This price manipulation isn't a typical oracle manipulation. The purpose of it is to push the concentrated liquidty curve to an area with no liquidity at all. This is an attack to the Kyberswap concentrated liquidty curve math.

PreviousRounding Issues NextBridges

Last updated 8 months ago