
On October 11, 2022, the TempleDAO based project, Stax Finance was hacked, costing them approximately $2.36 million.
Temple DAO is a yield-farming DeFi protocol that offers users yields on deposits.
Stax is a decentralized application powered by TempleDAO.
The potential cause of the incident is that the migrateStake function did not validate the oldStaking address, so the attacker supplied a forged oldStaking contract to arbitrarily add to the balance.
The exploiter address can be found here, alongside the attack transaction.
The account was initially funded through Binance with 1.09 ETH.
The lack of permission checks in the migrateStake function of the StaxLPStaking contract is the primary reason behind this incident.
First, the contract determines if the user has funds in the old Staking Contract.
The old staking contract is passed in as an argument, and because there were no prior checks on it, oldStaking may be any contract.
Anyone can use this function to withdraw StaxLP from the contract.
The hacker creates his own smart contract, which consists of only a migrateWithdraw function with no code.
He then calls the migrateStake function, passing his own smart contract as the old staking contract and the maximum amount possible.
All the tokens were withdrawn using the withdrawAll function.
The team has stated that they will provide remediation to all affected users.
This exploit could have been avoided with a sanity check that accepts only whitelisted old staking contracts.
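The missing check and the allowlist fix described above, as an added example (a simplified model, not the StaxLPStaking source). The contract name, `approvedOldStaking`, `setApprovedOldStaking`, `migrateStakeUnchecked` and the balance-delta check are assumptions made for illustration; it also assumes the old contract's `migrateWithdraw` transfers the LP tokens to the calling contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration: a simplified model, not the StaxLPStaking source.
interface IOldStaking {
    function migrateWithdraw(address staker, uint256 amount) external;
}

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

contract StakingMigrationSketch {
    IERC20 public immutable lpToken;                    // assumed staked LP token
    address public immutable owner;
    mapping(address => uint256) public balances;
    mapping(address => bool) public approvedOldStaking; // hypothetical allowlist

    constructor(IERC20 _lpToken) {
        lpToken = _lpToken;
        owner = msg.sender;
    }

    function setApprovedOldStaking(address oldStaking, bool ok) external {
        require(msg.sender == owner, "not owner");
        approvedOldStaking[oldStaking] = ok;
    }

    // Weak form: oldStaking is caller-supplied and unchecked, so a contract
    // whose migrateWithdraw does nothing still earns the caller a credit.
    function migrateStakeUnchecked(address oldStaking, uint256 amount) external {
        IOldStaking(oldStaking).migrateWithdraw(msg.sender, amount);
        balances[msg.sender] += amount;
    }

    // Hardened form: only allowlisted sources, and credit only what arrived.
    function migrateStake(address oldStaking, uint256 amount) external {
        require(approvedOldStaking[oldStaking], "old staking not approved");
        uint256 before = lpToken.balanceOf(address(this));
        IOldStaking(oldStaking).migrateWithdraw(msg.sender, amount);
        uint256 received = lpToken.balanceOf(address(this)) - before;
        require(received == amount, "migrated amount mismatch");
        balances[msg.sender] += amount;
    }
}
```

The allowlist is the check the write-up names; the balance comparison is an extra guard so that a credit is only recorded when the tokens actually arrived.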
Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.
Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance. It has an easy and reliable on-chain claim process. This means that when incidents are confirmed by our community, resolution is fast.
Join us in our mission to cover, protect, and secure on-chain digital assets.