[ 3 / biz / cgl / ck / diy / fa / ic / jp / lit / sci / vr / vt ] [ index / top / reports ] [ become a patron ] [ status ]
2023-11: Warosu is now out of extended maintenance.

/biz/ - Business & Finance

View post   
File: 2.22 MB, 2186x1486, badORACLE.png [View same] [iqdb] [saucenao] [google]
17269573 No.17269573 [Reply] [Original]

https://etherscan.io/tx/0xb5c8bd9430b6cc87a0e2fe110ece6bf527fa4f170a4bc8cd032f768fc5219838

I'm not sure how everybody seemed to latch on to the same narrative about how the exploit worked (does nobody do original research?), but here is exactly what happened:

Attacker opened a massive WBTC *long*, using the 5x Short ETH token (https://etherscan.io/token/0xb0200b0677dd825bb32b93d055ebb9dc3521db9d); the attacker used 51.34 WBTC as collateral to borrow 4,698.01 WETH from the iETH contract.

Fulcrum then market-bought as much WBTC as it could using that WETH. Ruh-roh, no order-book exists. Just like last week, after which they bragged about high volume, and took no action.
>https://www.reddit.com/r/ethfinance/comments/f1hhov/bzx_fulcrum_user_lost_250k_instantly_warning/

Attacker's Fulcrum account has now defaulted. He loses *more* than his 51.34 WBTC of equity; he loses all of iETH's WETH. LOL. Fulcrum iETH is now INSOLVENT.

Attacker now sells his borrowed WBTC into the insane-market-price for ETH, repaying dYdX, and having a positive gain - at Fulcrum's expense. Wonder where his profit came from? iETH bag-holders. If you hold iETH, you ARE NOT SAFE - this token is INSOLVENT; borrowed WETH exceeds iETH supply.

Fulcrum is now going to obscure this fact, and say "its ok" that *their largest borrower ever has defaulted*. They are patching the contracts. If you are patching, it means theres a bug in the contracts. This wasn't an Oracle attack (they use Kyber, which IS Uniwswap for WBTC, another misdirection from team's part) - it was them being fleeced.

>> No.17269586

>>17269573
Whatever moons my UND bags long term. This is meaningless.

>> No.17269630

>>17269573
ieth wbtc ilink
who uses these anyways?

>> No.17269786

>Attacker now sells his borrowed WBTC into the insane-market-price for ETH,

oracle problem - If pulled from multiple sources this wouldn't have happened because outlier market price would have been discarded.

>> No.17269817

>>17269786

Yeah and no - Fulcrum has to execute using DEX liquidity - so its not "what is price" and it is "where can I trade at real price" - DEXs are too illiquid for margin trading especially when flash loans from dydx or aave are available, poor man can sling almost infinite liquidity on illiquid markets

>> No.17269907

>>17269817
True. Clearly multiple factors at play.

>> No.17270259

>>17269573

at current prices, Fulcrum
>lost $1,282,554 of WETH
>holding $513,656 of the user's WBTC collateral
>total loss of $768,897 to iETH users

>> No.17270297

>>17269817
Chainlink ultimately can pool the liquidity of all DEXes, so yeah it would've stopped this thing dead in its tracks, not just because it would've been harder to fleece on a technical level, but because the amount required to fuck up the liquidity is astronomically higher.

>> No.17270318

I don't understand any of this. what's a bitcoin?

>> No.17270367

>>17270297
>Chainlink ultimately can pool the liquidity of all DEXes
Wtf are you talking about fucking mindless dribble

>> No.17270470

>>17270367
he doesn't know....