Cryptheory: Crypto and Internet

cryptocurrency, internet and AI meaning, guides, learning

ETH DeFi project ‘ForceDAO’ gets hacked hours after launch

3 min read

ForceDAO, a shiny new decentralized finance (DeFi) project, got attacked by five hackers this morning, reviving concerns around the highly experimental sector and the seemingly unending amounts of money flowing into hours-old projects.

Another day, another DeFi hack

The ETH-based project fashions itself as a decentralized autonomous organization (DAO) for ‘quant finance.’ It aims to leverage high returns from yield-bearing DeFi protocols and produce superior returns by adhering to community-proposed strategies and rewarding the strategists with powerful incentives.

Last week, the protocol’s developers said they would “airdrop” tokens to users of other DeFi protocols to ensure a fair launch and attract various crypto communities to their own. A total of 25 million FORCE tokens (out of a fixed 100 million supply) were to be distributed over the next month to those staking on Aave, Alchemix, Badger, Balancer, Curve, Maker DAO, Synthetix, Sushi, Vesper, and Yearn Finance.

But this morning, things on the much-awaited airdrop went awry. It got attacked by an estimated five hackers in the hours post the airdrop, causing FORCE prices to plunge more than 90% in a sudden, drastic fall.

The day ForceDAO got hit

Mudit Gupta, blockchain lead at Polymath Network, took to Twitter to explain what happened. As per him, the hackers exploited a known Solidity issue (Solidity is the underlying code of ETH), that allowed users to obtain FORCE tokens via an illicit process.

Hackers were able to manipulate the way xFORCE tokens (the “interest-bearing” version of FORCE that represents one’s share in the FORCE profit-sharing pool) are handled on the platform and get FORCE tokens in return, he noted.

“In the FORCE token, the transfer functions return false rather than reverting when the sender doesn’t have enough balance. The xFORCE contract assumes FORCE will revert and does not handle the returned value,” Gupta said.

He added:

“This means anyone can call the `deposit` function of the xFORCE contract even if they do not have any FORCE tokens. The xFORCE contract will mint them fresh xFORCE tokens even though it will fail to lock their nonexistent FORCE tokens.”

Gupta stated that over five hackers seemed to have attacked the project after reviewing the various addresses that the alleged hackers conducted their attack from. One was a ‘whitehat’ hacker who promptly returned the funds back to the network, but the others sold their proceeds.

Nearly $350,000 worth of ETH was dumped by the hackers in all. ForceDAO, on its part, issued an advisory that cautioned users to avoid trading on any exchanges until the issue was solved. The team has not issued any other statement as of press time.

The post ETH DeFi project ‘ForceDAO’ gets hacked hours after launch appeared first on CryptoSlate.


All content in this article is for informational purposes only and in no way serves as investment advice. Investing in cryptocurrencies, commodities and stocks is very risky and can lead to capital losses.

Leave a Reply

Your email address will not be published. Required fields are marked *