Hashing Bits, 7th August edition

Hacks:

→ 4th August, 2021
Wault Finance, a cross-chain decentralized finance project, was a victim of flash loan arbitrage using Wault Finance’s $WUSD pegging mechanism. The attacker made a profit amounting to ~$816K.

Popsicle Finance, a multi-chain yield-generating crypto project, was hacked for $25 Million. A bug in SorbettoFragola, Uniswap v3 smart contract of Popsicle Finance was exploited in the heist.

On the morning of 4th August, BSV, a Bitcoin fork, was 51% attacked. The block reorganization was 14 blocks. The hack wiped 570,000 transactions from the BSV network. According to the experts, the attack was underway as of 7:30 UTC on Wednesday.

Vulnerability Writeups:

Wault Finance Analysis by Inspex.

Popsicle Finance postmortem by Popsicle team.

DeFi Security:

Why Copy-paste in DeFi’s are Scarier than Clowns by QuillAudits.

The Dangers of Token Integration — Secure Development Series by OpenZeppelin.

(DEFCON 29) Blockchain Village- Preventing Sandwich Attacks on DeFi w/ Recurrent/Recursive ZK Proofs by Gokul Alex & Tejaswa Rastogi.

Security First in DeFi: Incident Response Process by Raghav Bahl, Binance.