

Hack Analysis: the Hundred Finance Heist, March 2022


The Gnosis Root Cause

Snippet 1: ERC677 fallback code

Hundred Finance Overview

Figure 1: A basic overview of a lending protocol
Snippet 2: Borrow function

Hundred Finance Forking

The Attack

Snippet 3: Flash loan
Snippet 4: Deposit collateral
Snippet 5: Borrow USDC
Snippet 6: Reentry
Snippet 7: Reentry


Snippet 8: Full attack




Immunefi is the premier bug bounty platform for smart contracts, where hackers review code, disclose vulnerabilities, get paid, and make crypto safer.