X

Popsicle Finance ($ICE) Price crashes after it Suffered $25 Million Exploit

A known bug bounty hunter explained that the protocol doesn’t transfer reward debt when users send their share of tokens

Hackers leak stolen Kenyan foreign ministry documents

Popsicle Finance ($ICE) Price crashes after it Suffered $25 Million Exploit – Popsicle Finance ($ICE), a multichain yield optimization platform for liquidity providers has become the latest Defi protocol to face a major exploit on its network. The hackers managed to drain a whopping $25 million by exploiting a bug in the reward debt mechanism.

Popsicle Finance ICE Price crashes after it Suffered 25 Million Exploit – Source: Etherscan

Mudit Gupta, a known bug bounty hunter explained that the protocol doesn’t transfer reward debt when users send their share of tokens. The network updates `token0PerSharePaid` and `token1PerSharePaid` against depositors to keep track of the deposited tokens. This way the protocol payout users from the date they entered rather than from the first day. However, the bug here is that these variables are not updated as soon as the user deposits tokens into the system.

This way a user can claim rewards for the same share from multiple accounts as it is not registered on the network. This was what the explorers did with the Popsicle finance and managed to get away with $25 million worth of tokens.

Popsicle Finance ICE Price crashes after it Suffered 25 Million Exploit – Source: Twitter

Gupta highlighted that the bug is not new and has been exploited a dozen times on other protocols as well. He himself had reported the same bug in June.

In June, I reported the same bug in WildCredit. This bug has been exploited in like a dozen other protocols already. Auditors and Smart contract devs need to keep up with the ecosystem. This code should not have made it to production.

Popsicle Finance acknowledged the hack on its network but assured that only the Fragola contract was breached and rest all contracts are completely secure. They also advised traders to remove any funds from ETH/AXS, ETH/SLP, ETH/LINK, or any EURt Pool immediately.

$ICE Price Nose Dive by 50%

The exploit had an immediate impact on the price of the native token called ICE which fell by 50%. The price of the ICE token nose-dived from a daily high of $2.31 to a daily of $0.931 before recovering up to $1.15.

The popularity of defi and the launch of new projects with instant success has made it one of the biggest attractions for exploiters. Only last month Polygon-based Safedollar was exploited as well that saw its price crash to zero.

Categories: Cryptocurrency
Cynthia Charles: She is a prolific writer and has special interest on writing about business and opportunities. She can be contacted via cynthiaadigwe@financialwatchngr.com
X

Headline

You can control the ways in which we improve and personalize your experience. Please choose whether you wish to allow the following:

Privacy Settings