Protect Your Project Today
Strengthen your project with the largest web3 security provider.
A CertiK security expert will review your request and follow up shortly.

Post Mortem: DefiLabs

Reports ·Incident Analysis ·
Post Mortem: DefiLabs

Project name: DefiLabs

Project type: DeFi

Date of rug pull: July 27th, 2023

Asset loss: $1.6M

Vulnerability: Rug pull

Date of audit report publishing: Aug 25th, 2022

Conclusion: Out of Audit Scope

Details of the Exploit

Background

DefiLabs is a DeFi project providing various DeFi services such as staking and exchange.

Nature of the Vulnerability

There is a privileged function withdrawFunds allowing the funder to withdraw all funds in the pool.

CertiK Audit Overview

defi1 defi2

Conclusion

On July 27th, 2023, DefiLabs was rug-pulled by a privileged function in the vPoolv6 contract, which is not audited by Certik.

Related Blogs

Post Mortem: Hector Network
Reports ·Incident Analysis

Post Mortem: Hector Network

In light of the $2.7 million withdrawal incident from Hector Network's contract, we have gathered all the relevant information and are committed to maintaining transparency with the public.

Post Mortem: Fintoch
Reports ·Incident Analysis

Post Mortem: Fintoch

On May 5th, 2023, the Fintoch was rugpulled, leading to a loss of ~$31.6M.

Post Mortem: Sushiswap
Reports ·Incident Analysis

Post Mortem: Sushiswap

On April 9th, 2023, the RouteProcessor2 in Sushiswap was exploited due to missing validation on the input with processRoute function. The total loss is around $ 3.3 M.