Deep Dive into High-Profile Crypto Exploits — Part III: Fei Protocol

Background

  • FEI protocol - Fei is a decentralized, scalable, and DeFi-native stablecoin protocol
  • Rari Fuse Pool - Lending, borrowing & yield for Fuse protocol.

The Attack — A High-level overview

The function doTransferOut is called when ETH is borrowed from the cEther contract. It uses to.call.value(), which does not limit the gas available to the called function.

The Attack — Step By Step

  1. Flash loan asset

Relevant Links

Attacker address: 0x6162759edad730152f0df8115c698a42e666157f

Mitigation

  1. Always use the checks-effects-interactions pattern: https://fravoll.github.io/solidity-patterns/checks_effects_interactions.html…
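
The ordering issue from the overview and the checks-effects-interactions fix side by side, as an added example (not code from Fei, Rari Fuse or the original post). It is a simplified, hypothetical lending contract in current Solidity, where `to.call{value: amount}("")` is the modern spelling of `to.call.value()`. The contract, every function body (including this stand-in `doTransferOut`), the variable names and the 50% collateral factor are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: simplified, hypothetical lending pool (not Fuse/Fei code).
contract BorrowOrderingExample {
    mapping(address => uint256) public collateral; // ETH deposited per account
    mapping(address => uint256) public debt;       // ETH borrowed per account
    bool private locked;                           // reentrancy lock

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        collateral[msg.sender] += msg.value;
    }

    // BEFORE: the interaction comes before the effect. The low-level call forwards
    // all remaining gas, so the recipient's code runs while debt is still unrecorded.
    function borrowUnsafe(uint256 amount) external {
        require(debt[msg.sender] + amount <= collateral[msg.sender] / 2, "undercollateralized");
        doTransferOut(payable(msg.sender), amount); // interaction
        debt[msg.sender] += amount;                 // effect, recorded too late
    }

    // AFTER: check, then effect, then interaction, behind the lock.
    function borrowSafe(uint256 amount) external nonReentrant {
        require(debt[msg.sender] + amount <= collateral[msg.sender] / 2, "undercollateralized");
        debt[msg.sender] += amount;                 // effect first
        doTransferOut(payable(msg.sender), amount); // interaction last
    }

    // Every function that reads or writes the same accounting takes the same lock.
    function withdraw(uint256 amount) external nonReentrant {
        require(amount <= collateral[msg.sender], "insufficient collateral");
        require(debt[msg.sender] <= (collateral[msg.sender] - amount) / 2, "undercollateralized");
        collateral[msg.sender] -= amount;
        doTransferOut(payable(msg.sender), amount);
    }

    // Modern spelling of to.call.value(amount)(""): no gas stipend limit applies.
    function doTransferOut(address payable to, uint256 amount) internal {
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}
```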

About Solid Group

Solid Group is a blockchain consulting and auditing service provider founded by cybersecurity experts with a great passion for the cryptocurrency world. We are known for our exceptional out of the box thinking, experience, and our credibility among the community. Throughout our work, our team was able to discover many high severity issues & vulnerabilities. We work with leading companies in the field, helping them increase their resilience through tailored services and solutions.

  • audited token generator (Generate your own token with NO CODING KNOWLEDGE)
  • sniper bot protection tool
  • Smart contract auditing service
