Post Mortem: Fintoch

보고서 ·사고 분석 · 2024년 1월 8일

Project name: Fintoch

Project type: Token

Date of exploit: May 5th, 2023

Asset loss: ~$31.6M

Vulnerability: Rug Pull

Date of audit report publishing: Dec 15th, 2022

Conclusion: Out of audit scope

Details of the Exploit

Background

Fintoch is a SCAM token

Nature of the Vulnerability

It was a SCAM that cheated users into buying FTH tokens with BSC-USD (a stablecoin pegged at 1 USD). Finally, it dumped FTH tokens minted during deployment to drain ~31.6M BSC-USD in the pool.

CertiK Audit Overview

Screenshot 2024-01-11 at 8.59.24 PM

Conclusion

On May 5th, 2023, the Fintoch was rugpulled, leading to a loss of ~$31.6M.

CertiK Audited the pool and lending product of the Fintoch. However, the exploit was due to the vulnerability in the token product (i.e., FTH token), which is a different product from what CertiK has audited. Therefore, it is out of the audit scope.

관련 블로그

보고서 ·사고 분석

Post Mortem: Hector Network

In light of the $2.7 million withdrawal incident from Hector Network's contract, we have gathered all the relevant information and are committed to maintaining transparency with the public.

2024년 1월 17일

보고서 ·사고 분석

Post Mortem: Sushiswap

On April 9th, 2023, the RouteProcessor2 in Sushiswap was exploited due to missing validation on the input with processRoute function. The total loss is around $ 3.3 M.

2024년 1월 8일

보고서 ·사고 분석

Post Mortem: Safemoon

On Mar 28th, 2023, the Safemoon token contract was attacked, leading to a loss of $8.9M. The attacker took advantage of the public burn function and drained funds from the LP pool.

2024년 1월 8일