How the Oracle Manipulation Attack Happened to Inverse Finance

Let’s reproduce the attack on the Ethereum mainnet fork with hardhat!

yuichiro aoki
Coinmonks
Published in
6 min readAug 16, 2022

--

an attack contract I reproduced

Today I’m going to demonstrate how I reproduced the inverse finance attacker’s code (not the actual one) so you can understand the whole process better. You can execute almost the same transaction as the attacker did on Ethereum mainnet fork with hardhat.

Motive

I’m just curious about oracle attacks and wanted to reproduce any one of them on the hardhat fork network. It is just surprising how a couple of hundred lines of code takes away a huge amount of tokens within a minute.

Oracle Manipulation Attack on Inverse Finance

On June 16th, 2022, someone manipulated the oracle price on inverse finance with AAVE flashloan on Ethereum mainnet, and earned more than $1 million worth of tokens (53.24 WBTC and 99,976 USDT). This story explains the attack concisely.

Attack Transaction:

--

--