Immunefi
Published in

Immunefi

A PoC of the Hundred Finance Heist

Introduction

The Gnosis Root Cause

Snippet 1: ERC667 fallback code

Hundred Finance Overview

Figure 1: A basic overview of a lending protocol
Snippet 2: Borrow function

Hundred Finance Forking

  1. Flashloan funds
  2. Deposit funds as collateral
  3. Borrow against collateral in market 1
  4. Reenter protocol and borrow against collateral in market 2
  5. Swap Token 2 for Token 1
  6. Repay flashloan

The Attack

Snippet 3: Flash loan
Snippet 4: Deposit collateral
Snippet 5: Borrow USDC
Snippet 6: Reentry
Snippet 7: Reentry

Conclusion

Snippet 8: Full attack

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Immunefi

Immunefi is the premier bug bounty platform for smart contracts, where hackers review code, disclose vulnerabilities, get paid, and make crypto safer.