How to analyze an attack? — a case on the Mango Markets Hack
In this article series, we will conduct in-depth post-hack investigations on a few representative attacks on on-chain protocols and share the techniques and tools used by the Sec3 core team for understanding the attacks.
Recently, MangoMarkets was exploited for over $100M due to a protocol vulnerability (subject to price manipulation of the MNGO token). The hacker even created a Mango DAO proposal “Repay bad debt” that calls for the Mango treasury to pay off the bad debt.
Here are the main findings (on the hack):
- The attacker funded two accounts with more than $10M USDC from FTX
Account1: yUJw9a2PyoqKkH47i4yEGf4WXomSHMiK7Lp29Xs2NqM
Account2: J44uRJxJEDTyPgFG6BtQJ3skhex8FeBbDJWVoh3z9dJU
- Using the above two accounts as the owner, the attacker created two Mango accounts and deposited 5M USDC to each account as collateral
MangoAccount1: 4ND8FVPjUGGjx9VuGFuJefDWpg3THb58c277hbVRnjNa
MangoAccount2: CQvKSNnYtPTZfQRQ5jkHq8q2swJyRsdQLcFcj3EmKFfX
- The attacker used MangoAccount1 to…