CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Blogs
Incident Analysis
Aping Peril: The Price Manipulation Exploit with ParaSpace
1/8/2024
Aping Peril: The Price Manipulation Exploit with ParaSpace

Project name: ParaSpace

Project type: Lending

Date of exploit: March 17, 2023

Asset loss: Around 50~150 ETH (2909 ETH Rescued)

Vulnerability: Price Manipulation

Date of audit report publishing:

  • Oct 25, 2022: ParaSpace (Audit 3)
  • Dec 23, 2022: ParaSpace - NFT Money Market

Conclusion: Out of Audit Scope

Details of the Exploit

Background

ParaSpace provides a lending protocol where users can deposit collateral and borrow tokens. On March 17, 2023, ParaSpace was exploited by a price manipulation attack where the attacker can manipulate the collateral size to borrow extra tokens.

Nature of the Vulnerability

The size of collateralized assets is calculated by the scaledBalanceof function, which will use the getPooledApeByShares function. And the getPooledApeByShares is calculated with sharesAmount.mul(_getTotalPooledApeBalance()).div(totalShares). The vulnerability lies in the AutoCompoundApe._getTotalPooledApeBalance function, which calculates the collateral size of cApe collateral based on the staked amount in the ApeCoinStaking contract. The attacker can utilize the ApeCoinStaking.depositApeCoin function to increase the staked amount a lot.

CertiK Audit Overview

Screenshot 2024-01-08 at 5.35.20 AM

Conclusion

On March 17, 2023, a vulnerability located in the AutoCompoundApe contract of the ParaSpace protocol was exploited by a price manipulation attack. Around 50~150 ETH tokens were lost due to slippage and 2909 ETH were rescued.

The vulnerability is located in the AutoCompoundApe contract, which was introduced after the audit and thus outside CertiK’s audit scope.

Related Stories
Prisma Finance Incident Analysis
Blogs
Incident Analysis
On 28 March, Prisma Finance was exploited by multiple addresses leading to a loss of approximately $12.3 million. Three attackers took advantage of a vulnerability in the Prisma Finance MigrateTroveZap contract which allowed them to manipulate a migration process. Since the exploit occurred, a wallet that received funds from the main exploiter has reached out to the Prisma Finance deployer declaring that their actions were a white hat rescue.
3/29/2024
Curve Conundrum: The dForce Attack via a Read-Only Reentrancy Vector Exploit
Blogs
Incident Analysis
On Feb 9, 2023, dForce's lending protocol was attacked, leading to a loss of $3.7M. The attacker made use of a read-only reentrancy vector to manipulate the price in the lending protocol to drain funds from the pool.
1/8/2024
Oracle Dependency: Decrypting the Sturdy Finance Attack
Blogs
Incident Analysis
On Jan 12, 2023, the lending platform Sturdy Finance was attacked, leading to a loss of 442 ETH. The attacker made use of a read-only reentrancy vector to manipulate the price used in a lending protocol to drain funds.
1/8/2024
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;