Ede Finance: A Case Study of Price Manipulation and Exploitation

Ash
Coinmonks


Ede Finance is a decentralized finance (DeFi) project that runs on the Arbitrum layer 2 scaling solution. It claims to offer a platform for users to trade various tokens and earn rewards. However, on May 30, 2023, the project was exploited by an attacker who managed to steal around $580,000 worth of USDC and USDT tokens by manipulating the prices of the tokens involved.

The attacker claimed to be a white hat hacker who was exposing the project’s fraudulent practices. According to the attacker, the project’s core team had a backdoor that allowed them to liquidate any user’s trade on the platform using fake prices. The attacker also said that there were other vulnerabilities that could be exploited and that the project was not truly decentralized.

The team at Ede Finance admitted that they had made an “ill-advised decision” to manipulate the prices on their platform. They said that their intention was to blacklist those who had previously exploited the system, but they acknowledged that their actions were inappropriate and unethical. They also denied having any plans to misappropriate user funds, arguing that doing so would leave a traceable record.

The team also stated that they had passed a security audit by Lunaray Sec, a security auditing firm. However, Lunaray Sec later confirmed that the vulnerabilities exploited by the attacker were not within the scope of their initial audit and that they had communicated with the Ede Finance team to rectify them. Lunaray Sec also affirmed that Ede Finance had successfully passed their security audit within the scope of their evaluation.

As a result of the incident, the price of EDE, the native token of Ede Finance, plummeted by more than 50% in 24 hours, from $2.43 to $1.18. This indicates a loss of investor confidence and trust in the project. To appease the attacker and the community, the team at Ede Finance offered to remove the smart contract that enabled the price manipulation and to reward the attacker with 5% of the team’s token allocation, subject to vesting periods, for pointing out the other vulnerabilities. The team also said that they would compensate the affected users with their own funds.

This case study illustrates the importance of thorough and comprehensive smart contract audits for DeFi projects. It also shows the potential risks and consequences of price manipulation and exploitation for both project owners and investors. As a leading smart contract audit company, we at Numen Cyber Labs prioritize the meticulous assessment of smart contracts to identify vulnerabilities and strengthen the security infrastructure of projects. We commend Lunaray Sec for their diligent security audit of Ede Finance, but we also acknowledge that some vulnerabilities may fall outside the initial audit scope. Therefore, we recommend continuous monitoring and testing of smart contracts to ensure their safety and reliability.
