Cryoto Currency

Cointelegraph: Team Finance profited from protocol migration for $14.5M despite contract audit


Team Finance profited from protocol migration for $14.5M despite contract audit

Team Finance locked up the decentralized finance (DeFi), lockup protocol on Oct. 27 The platform’s v2 to V3 migration function saw tokens worth over $14.5million being exploited. As Telled PeckShield, a blockchain security firm, discovered that the hacker transferred liquidity to Team Finance’s Uniswap v2 assets and to an attacker controlled v3 pair with skewed prices. The attacker locked tokens to the contract and took the large profits as a refund by bypassing existing validation mechanisms.

Uniswap v3 is more efficient for liquidity providers (LPs) than v2 on the decentralized exchange. To migrate their LP assets from v2 into v3, users must interact with a migration Smart Contract. PeckShield calculated that the initial attack vector needed for this interaction cost only 1.76 Ether (ETH).