Weekly Report (Jan-23)
Midas Capital and Thoreum Finance exploited. Rarible, and Yves Saint Laurent web3 initiatives.
Playing the video that you've selected below in an iframe
Animoca Brands launching a PFP NFT collection dubbed Mocaverse. CFDA releasing NFT collection.
Web3 marketers are investigating how brands can position themselves to continue profiting from NFT ventures while also enhancing the value of their products. The NFTs have provided a venue for an innovative and accessible method of developing a user-centric experience from which participants can reap from utility. The metaverse has altered the manner in which users interact with one another, granting them control over their data as well.
Elastic Swap, an automated market maker focused on tokens with elastic supply, was exploited through price manipulation, which resulted in a total loss of almost $854,000. The vulnerability was caused due to the usage of two different accounting systems which resulted in inconsistent calculation for adding and removing liquidity in contracts. The attacker first added liquidity, before transferring some $USDC.e directly to TIC-USDC pool. The amount of $USDC.e to be transferred to the attacker was multiplied by the number of LP tokens, then the attacker removed this liquidity to make a profit of approximately 22,454 $AVAX worth $290,328. The AMPL-USDC pool of ElasticSwap on Ethereum was also compromised using the same method, in which the exploiter made a profit of 445 $ETH worth around $564,000. We have outlined the detailed analysis of the exploit in our blog post here.
The NimbusPlatform on the BSC chain was compromised via a flash loan attack, with the attacker benefiting 278 BNB worth $76,000. The vulnerability was triggered by a bug in its rewards computation, which simply depended on the quantity of tokens in the pool, allowing flash loans to manipulate it to collect more rewards than expected. The price feeds of $NIMB and $GNIMB, the reward token, are necessary to determine the staking reward. The price of $NIMB, on the other hand, is computed using the manipulated $NIMB minus $NBU_WBNB pair. The exploiter borrowed 75,477 $BNB and traded it for $NBU_WBNB to withdraw the majority of the $NIMB from the pool. Prior to the attack, the ratio of Nimbus Utility tokens to Nimbus Governance tokens was 0.069:1, but due to the flash loan and swap, the ratio increased to 2919.7:1, resulting in a far higher reward. The exploiter later swapped $GNIMB for $BNB in order to repay the flash loan. The detailed analysis of the exploit can be found in this blog.
Raydium suffered an exploit affecting eight constant product liquidity pools resulting in a loss of approximately $4.395 million. The vulnerability was likely caused by a Trojan horse attack that compromised the owner's private key to the liquidity pool. There is speculation that the attacker gained remote access to the virtual machine or internal server on which the account was deployed. The attacker gained access to the pool owner's account and was subsequently able to collect any transaction or protocol fees accrued from pool swaps.
Animoca Brands has announced the debut of its official PFP NFT collection, Mocaverse, in the first quarter of 2023. The collection, which includes 8,888 NFTs of Mocas, will symbolize the principles and culture of all Animoca Brands, portfolio companies, and partners. The NFTs will serve as membership cards for members of the Animoca Brand team, investors, partners, and select token holders. Each Mocas belongs to one of five tribes: Dreamers, Builders, Angels, Connectors, and Neo-Capitalists, and each tribe represents a distinct character of a Web3 changemaker. The Mocaverse will have four utility categories known as realms. Each realm will symbolize one of the collection's four main pillars: study, play, construct, and do good. Mocas members will receive a range of incentives, including the opportunity to learn together through AMAs, play together through game passes and special in-game materials, and produce together through accelerator programs.
The Council of Fashion Designers of America (CFDA) has launched a fascinating festive NFT collection, making its Web3 premiere with a collectible collaboration event. This year marks the 60th anniversary of the non-profit trade association, which will be commemorated by the launch of a collection of NFTs. This event for NFT release marks a slice of time in the history when the world of major fashion meets rising NFT technology. The CFDA's NFT debut brings together numerous well-known fashion brands, including Coach, Michael Kors, Tommy Hilfiger, and Vivienne Tam. The project website has further information on the limited edition.
Open Zeppelin has officially released its metaverse security solution, with The Sandbox as its first customer. The blockchain security firm will do real-time audits of smart contracts in The Sandbox, as well as monitor vulnerabilities and detect potential threats to metaverse initiatives. The Defender, a set of security tools developed by OpenZeppelin, is being used to monitor Web3 transactions taking place in The Sandbox. The tool will allow the team to automate smart contract administration including access controls, upgrades, and pausing as well as monitor and respond to smart contract vulnerabilities quickly and receive notifications through email, Slack, Telegram, or Discord. OpenZeppelin will leverage the expertise of its subsidiary Forta to provide The Sandbox with real-time detection and monitoring of anomalies in the metaverse ecosystem.
Manchester United have officially launched their NFTs on the Tezos blockchain. These digital collectibles are the key to the club's virtual experiences and will grant their owners access to exclusive players, content, and other benefits. The Classic Key enables fans to enter giveaways, participate in drops, and gain access to secret Discord channels. The Rare Key provides the same advantages, as well as enhanced giveaways, discounts, and conversations with celebrity players. In addition to the same benefits, the Ultra Rare Key also includes an invitation to Old Trafford stadium for the complete Manchester United experience.
Risk Harbor announced the release of a bridge protection product in collaboration with Socket. With a low-touch, enjoyable experience, this solution seeks to give users and developers the confidence to use bridges securely, increasing their level of comfort with bridge usage.
InsurAce has partnered up with SingularityDAO to provide their users with protection and growth opportunities for their digital assets.