Analysis of The Attack on Osmosis by Fairyproof
On June 8, 2022, Pool No 678 deployed on the Osmosis blockchain was attacked. The OSMO-USDC trading pair in the pool was very likely being exploited due to a vulnerability. By exploiting this vulnerability, a user could exit the pool and obtain an extra 50% of the assets he/she initially deposited in the pool.
The procedure was like this:
A user could join the pool by depositing both USDCs and OSMOs into the pool and obtaining the GAMM-678 tokens. Then he/she could exit the pool by depositing the same number of the GAMM-678 tokens he/she obtained into the pool. After that he/she would obtain not only the number of USDCs and OSMOs he/she initially deposited in the pool but also an additional 50% of these tokens.
Here is the link to a transaction (Interchain Explorer by Cosmostation, www.mintscan.io):
From the screenshot, we can see that the user deposited 29.954079 UNKNOWNs and 26.037114 OSMOs and obtained 8.786 GAMM-678s.
Then he did the following transaction:
From the screenshot, we can see that the user exited the pool by depositing 8.786 GAMM-678s and obtained 44.916677 USDCs and 39.042097 OSMOs.
The amounts of USDCs and OSMOs the user eventually obtained exceeded what he/she initially deposited by 50%.
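A defender-side check for the join/exit pattern described above, as an added example that is not part of the original analysis or of the Osmosis code: it replays join and exit events per address and flags an exit that returns more of every asset than was deposited for the same shares. The event layout, the address `osmo1example` and the 1% tolerance are assumptions; the amounts are the ones quoted above.

```python
from collections import defaultdict
from decimal import Decimal as D

# Constructed events carrying the amounts quoted in the article. The address,
# the field names and the 1% tolerance are assumptions of this example.
EVENTS = [
    {"type": "join", "addr": "osmo1example", "pool": 678, "shares": D("8.786"),
     "assets": {"USDC": D("29.954079"), "OSMO": D("26.037114")}},
    {"type": "exit", "addr": "osmo1example", "pool": 678, "shares": D("8.786"),
     "assets": {"USDC": D("44.916677"), "OSMO": D("39.042097")}},
]

def find_round_trip_gains(events, tolerance=D("0.01")):
    """Return exits that pay out more of EVERY asset per share than the same
    address deposited per share when it joined the same pool."""
    # (addr, pool) -> shares held and total assets deposited for them
    positions = defaultdict(lambda: {"shares": D(0), "assets": defaultdict(D)})
    alerts = []
    for ev in events:
        pos = positions[(ev["addr"], ev["pool"])]
        if ev["type"] == "join":
            pos["shares"] += ev["shares"]
            for denom, amount in ev["assets"].items():
                pos["assets"][denom] += amount
            continue
        if pos["shares"] == 0 or ev["shares"] > pos["shares"]:
            continue  # shares obtained elsewhere: no cost basis to compare
        fraction = ev["shares"] / pos["shares"]
        ratios = {}
        for denom, paid_out in ev["assets"].items():
            cost = pos["assets"][denom] * fraction  # deposit behind these shares
            pos["assets"][denom] -= cost
            if cost > 0:
                ratios[denom] = paid_out / cost
        pos["shares"] -= ev["shares"]
        # Swaps move the two balances in opposite directions, so a gain in
        # every asset at once is not explained by price movement.
        if ratios and min(ratios.values()) > 1 + tolerance:
            alerts.append({"addr": ev["addr"], "pool": ev["pool"], "ratios": ratios})
    return alerts

if __name__ == "__main__":
    for alert in find_round_trip_gains(EVENTS):
        print(alert["addr"], alert["pool"],
              {d: round(r, 4) for d, r in alert["ratios"].items()})
```

The tolerance leaves room for swap fees accrued between the join and the exit.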
The Osmosis blockchain is based on Cosmos, and the trading pair was deployed natively. At the time of writing, the Osmosis blockchain has been shut down.
Crypto assets valued at around $5 million were exploited in this incident.