Harvest Finance engineering mistake fiasco

Harvest Finance engineering mistake fiasco

By ircrp | ircrp | 27 Oct 2020


 

The DeFi space in late October of 2020 has been somewhat shaken by the news of a Hacker stealing $24 million worth of Harvest Finance funds. The attack has been made possible by the design and implementation issues within Harvest Finance which in combination with an arbitrage strategy has resulted in exploitation of $24 million of the cryptocurrency being stolen. 

 

  • One of the early reports has speculated on a very clever arbitrage strategy which would've resulted in the funds getting drained from Harvest Finance. The strategy would've seen the attacker rinse repeat strategy of acquiring flash loan worth of $50 million, arbitraging through several markets to gain $0.5 million profit per repeat.

  • After other community members have started putting more effort into their investigation along with looking at the source code of the Harvest Finance protocol there were more signs that there is something more sinister happening. The latter speculations have started highlighting a potential bug within the implementation of a grey list in regards to the Deposits, along with a loose design of the arbitrage check function.

  • With the problem being at the forefront of the cryptocurrency news the Harvest Finance official twitter handle has admitted to an engineering mistake which would've resulted in thousands of people losing their funds.

  • Somewhat surprisingly the attacker has chosen to transfer back 10% of the stolen funds upon which Harvest Finance has communicated that the funds would be distributed to the victims on a pro-rata basis.

 

Related Reading
 
Ongoing crypto free earn campaigns:


ircrp
ircrp

Crypto enthusiast and a first-time blogger

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.