Project name: Sperax USD/Sperax
Project type: Token
Date of exploit: Feb 4, 2023
Asset loss: $250k
Vulnerability: Incorrect Logic in Migration/Rebasing Mechanism
Date of audit report publishing:
Conclusion: Out of Audit Scope
Sperax USD is a DeFi project providing services including USDs (liquid-staked stablecoin) and Demeter (multi-DEX liquidity management protocol) on Arbitrum. The USDs contract was exploited by a potential vulnerability in the accounting migration mechanism. The attacker utilized this vulnerability to inflate the supply of USDs.
On Feb 4, 2023, SperaxUSD was attacked, leading to a loss of $250K due to the incorrect logic in its Migration/Rebasing Mechanism.
The compromised contract is Sperax's stablecoin contract (Sperax USD, USDs), which is out of CertiK's audit scope (staking and SperaxToken contracts).
SperaxUSD’s announcement: