search

Kyberswap

hashtag
Intro

This incident happened on 11/22/2023. The loss is around 46 million dollars.

Here is a post mortem:

https://twitter.com/0xdoug/status/1727613541115429314arrow-up-right

This attack is a variation of a known issue in Kyberswap:

Saving $100M at risk in KyberSwap Elastic100proof.orgchevron-right

hashtag
That known issue

hashtag
This attack

The attack drained 3 pools individually using the same method. WLOG we will look at the ETH/wstETH pool.

The attack started with a flashloan of 10000 wstETH, then swap 2800 wstETH into the pool. Now the price of wstETH drops from 1.05 ETH to 0.0000152 ETH.

This price manipulation isn't a typical oracle manipulation. The purpose of it is to push the concentrated liquidty curve to an area with no liquidity at all. This is an attack to the Kyberswap concentrated liquidty curve math.

PreviousRounding IssuesNextBridges

Last updated