Post Mortem: Fintoch

Project name: Fintoch

Project type: Token

Date of exploit: May 5th, 2023

Asset loss: ~$31.6M

Vulnerability: Rug Pull

Date of audit report publishing: Dec 15th, 2022

Conclusion: Out of audit scope

Details of the Exploit

Background

Fintoch is a SCAM token

Nature of the Vulnerability

It was a SCAM that cheated users into buying FTH tokens with BSC-USD (a stablecoin pegged at 1 USD). Finally, it dumped FTH tokens minted during deployment to drain ~31.6M BSC-USD in the pool.

CertiK Audit Overview

Screenshot 2024-01-11 at 8.59.24 PM

Conclusion

On May 5th, 2023, the Fintoch was rugpulled, leading to a loss of ~$31.6M.

CertiK Audited the pool and lending product of the Fintoch. However, the exploit was due to the vulnerability in the token product (i.e., FTH token), which is a different product from what CertiK has audited. Therefore, it is out of the audit scope.

Post Mortem: Hector Network

In light of the $2.7 million withdrawal incident from Hector Network's contract, we have gathered all the relevant information and are committed to maintaining transparency with the public.

2024年1月17日

报告 ·事件分析

Post Mortem: Sushiswap

On April 9th, 2023, the RouteProcessor2 in Sushiswap was exploited due to missing validation on the input with processRoute function. The total loss is around $ 3.3 M.

2024年1月8日