Read News For Me
Popsicle Finance is a decentralized platform that is managed by its users, and it aims to provide liquidity to its users in a more user-friendly way. It manages the liquidity across multiple chains to increase capital efficiency and also provides the highest possible yields to the users.
On August 3rd, 2021, a hacker executed a transaction at 10:53 PM UTC, which drained out 85% of the Sorbetto Fragola pools. The hacker successfully exploited the step during a transaction where the contract is provided with the user info and the amount & states when the user deposited.
What actually happens in the usual scenario is that token0PerSharePaid and token1PerSharePaid are updated when the tokens are deposited by the users. It happens because the users are paid the fees from the direct state in which they entered the pool.
Here, what the hacker did is that he made the contract believe that he has earned total TVL of the pool as the fees, which is entitled to $20.7 million. The hacker, in one transaction, took all the coins and swapped them with ETH tokens on Uniswap and later, he laundered them through Tornado.Cash.
Another interesting thing is that the team is ready to pay the bounty of $1,000,000 to the hacker if he returns the funds. They are doing this to promote trust in this DeFi space.
Popsicle finance has come up with few ideas to compensate for the lost funds. These ideas include increasing the protocol fee from 10% to 15% so that 5% can go to the lost fund pool, issuing a debt token, using the tokens allocated to the team for staking and using DAO & team funds as collateral for borrowing money to pay back.
These ideas are still not certain; the team will soon announce the final proposal for the compensation.
Soon after the news came out, the market price for Popsicle finance (ICE) has dropped by almost 41%, and the token is currently priced at $1.33.
The graph clearly represents that the investors were worried about their tokens and started selling soon after hearing about the hacking. But it seems that investors still trust the token because the price starts to increase slightly.
Notably, the contracts other than Sorbetto Fragola (Uniswap V3 Optimizer), including ICE farming contracts, ICE token contracts and nICE staking, are unaffected.
Popsicle Finance is not the first DeFi platform to be hacked. DeFi platforms are constantly exposed to the risks of hacking. During the start of the month, ChainSwap also suffered two hacks resulting in a loss of $9 million. The Popsicle Finance team was taking necessary precautions for preventing the hacking. It has undergone two audits from CertiK and Peckshield and wasn't notified of any critical issues.