CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Blogs
Incident Analysis
Post Mortem: TerraPort Finance
1/8/2024
Post Mortem: TerraPort Finance

Project name: TerraPort Finance

Project type: DEX

Date of exploit: Apr 10th, 2023

Asset loss: around $4M

Vulnerability: Centralization Related Risk

Date of audit report publishing: Dec 11th, 2023

Conclusion: Out of Audit Scope

Details of the Exploit

Background

Terraport operates as a DeFi platform that uses smart contracts on the Terra Classic blockchain. It is structured around a circular economy model designed for perpetual self-sustainability. The platform's operations are driven by its inherent deflationary token, $TERRA, which serves as a key to unlocking different functionalities within the ecosystem.

Nature of the Vulnerability

The Terraport Liquidity wallet is breached due to potential centralization risk.

CertiK Audit Overview

Screenshot 2024-01-11 at 8.44.16 PM

Conclusion

On April 10th, 2023, the Terraport project team was alarmed breach detected with the Terraport Liquidity wallet. The total loss is around $4M.

CertiK performed the audit assignment after the exploit.

References

https://twitter.com/_Terraport_/status/1645330062378508289

Related Stories
Prisma Finance Incident Analysis
Blogs
Incident Analysis
On 28 March, Prisma Finance was exploited by multiple addresses leading to a loss of approximately $12.3 million. Three attackers took advantage of a vulnerability in the Prisma Finance MigrateTroveZap contract which allowed them to manipulate a migration process. Since the exploit occurred, a wallet that received funds from the main exploiter has reached out to the Prisma Finance deployer declaring that their actions were a white hat rescue.
3/29/2024
Post Mortem: Hector Network
Blogs
Incident Analysis
In light of the $2.7 million withdrawal incident from Hector Network's contract, we have gathered all the relevant information and are committed to maintaining transparency with the public.
1/17/2024
Post Mortem: Thoreum Finance
Blogs
Incident Analysis
On Jan 18, 2023, Thoreum Finance's token contract v4 was exploited, leading to a loss of around 2,260 WBNB. The attacker took advantage of the flawed implementation in the token contract's transfer function and manipulated its balance.
1/8/2024
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;