
Rari Capital Details $10M DeFi Hack in Post Mortem


The latest decentralized finance (DeFi) protocol to suffer at the hands of a malicious actor is Rari Capital, which lost over $10 million in a weekend exploit.

On May 9, Rari published a post mortem on the attack explaining how an attacker managed to drain its Ethereum pool of 2,600 ETH. The report confirmed that the loss equated to 60% of all user funds in the Rari Capital Ethereum Pool, valued at around $10 million at the time.

Rari is an automated yield farming platform that rebalances pools and funds to source the best yielding strategies across the DeFi ecosystem. As of May 1, DeFi Llama was reporting a TVL of $90 million, but that had fallen by $8 million on May 10 according to Rari itself.

The incursion, which occurred on May 8, is the latest in a long string of DeFi exploits, including the EasyFi exploit on April 20.

Outsmarting the DeFi smart contract

The post mortem explained that Rari uses Alpha Finance’s ibETH token as one of its yield-generating strategies for ETH deposits.

According to Alpha Finance, the function to calculate the total amount in the pool was manipulated from within the smart contract to call other functions from Rari’s ETH pool contract. This enabled the attacker to deposit ETH, which was gained from a dYdX flash loan, and repeatedly withdraw more than was actually in the pool.

Rari Capital Ethereum Pool’s balances were artificially inflated through the vulnerability, enabling the attacker to make off with the loot and drain the pool. Rari commented that the code had been audited but that this vulnerability was overlooked.

“The code exploited was audited by Quantstamp, but, unfortunately, they were not aware of these conditions either.”

It added that further security measures will be implemented in the future and there is another audit planned with OpenZeppelin.
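The accounting failure described above, as an added example that is not code from Rari Capital, Alpha Finance or the original article: a toy Python model of a pool that values its holdings at an externally reported rate, run once without a guard and once with a deviation check. The `Pool` class, the account names, the 1.5x inflated rate and the basis-point threshold are all assumptions made for illustration, and the guard is one possible mitigation, not the fix Rari shipped.

```python
# Toy share-accounting model, constructed for illustration only.
from fractions import Fraction

class RateDeviation(Exception):
    """The externally reported rate moved further than the pool tolerates."""

class Pool:
    def __init__(self, rate_source, max_dev_bps=None):
        self.rate_source = rate_source   # callable: ETH value of one strategy token
        self.max_dev_bps = max_dev_bps   # None models the unguarded pool
        self.last_rate = Fraction(rate_source())  # last rate accepted by checkpoint()
        self.units = Fraction(0)         # strategy tokens held by the pool
        self.shares = {}                 # account -> pool shares

    def _rate(self):
        rate = Fraction(self.rate_source())
        if self.max_dev_bps is not None:
            dev_bps = abs(rate - self.last_rate) * 10_000 / self.last_rate
            if dev_bps > self.max_dev_bps:
                raise RateDeviation(f"reported rate off by {float(dev_bps):.0f} bps")
        return rate

    def checkpoint(self):
        """Accept the current rate as the new reference (subject to the guard)."""
        self.last_rate = self._rate()

    def deposit(self, who, eth):
        rate, total = self._rate(), sum(self.shares.values())
        value = self.units * rate        # pool value as seen through the reported rate
        minted = Fraction(eth) if total == 0 else Fraction(eth) * total / value
        self.units += Fraction(eth) / rate
        self.shares[who] = self.shares.get(who, 0) + minted
        return minted

    def withdraw_all(self, who):
        rate, total = self._rate(), sum(self.shares.values())
        burned = self.units * self.shares.pop(who) / total
        self.units -= burned
        return burned * rate             # ETH paid out at the *reported* rate

def run(max_dev_bps):
    """Deposit at rate 1, then withdraw while the reported rate reads 1.5."""
    reported = {"rate": Fraction(1)}     # constructed sample values
    pool = Pool(lambda: reported["rate"], max_dev_bps)
    pool.deposit("honest", 100)
    pool.deposit("actor", 10)
    reported["rate"] = Fraction(3, 2)    # valuation inflated within one transaction
    return pool.withdraw_all("actor")
```

Without the guard, `run(None)` pays out more ETH than the account put in; with `run(50)` the withdrawal is rejected because the reported rate sits far outside the accepted reference.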

Compensation from developer fund

In a May 10 update, Rari Capital founder Jai Bhavnani stated that there was a plan to use some of the developer funds in order to recompense the victims.

Around 2 million Rari Governance Tokens (RGT) were allocated to protocol contributors and ecosystem expansion. However, following a vote, it was decided to channel this into a compensation fund.

“While it was indeed initially meant to scale the team, all of the protocol contributors have elected to give that 2M $RGT back to the DAO with the ask of using the newly acquired $RGT to reimburse lost funds and reward those that helped in the war room.”

RGT prices plunged over 40% following the attack but have recovered a little to trade at $14 at press time.

The post Rari Capital Details $10M DeFi Hack in Post Mortem appeared first on BeInCrypto.


Source: BeInCrypto

