Post Mortem: TerraPort Finance

Project name: TerraPort Finance

Project type: DEX

Date of exploit: Apr 10th, 2023

Asset loss: around $4M

Vulnerability: Centralization Related Risk

Date of audit report publishing: Dec 11th, 2023

Conclusion: Out of Audit Scope

Details of the Exploit

Background

Terraport operates as a DeFi platform that uses smart contracts on the Terra Classic blockchain. It is structured around a circular economy model designed for perpetual self-sustainability. The platform's operations are driven by its inherent deflationary token, $TERRA, which serves as a key to unlocking different functionalities within the ecosystem.

Nature of the Vulnerability

The Terraport Liquidity wallet is breached due to potential centralization risk.

CertiK Audit Overview

Screenshot 2024-01-11 at 8.44.16 PM

Conclusion

On April 10th, 2023, the Terraport project team was alarmed breach detected with the Terraport Liquidity wallet. The total loss is around $4M.

CertiK performed the audit assignment after the exploit.

References

https://twitter.com/_Terraport_/status/1645330062378508289

CertiK Ventures Announces Investment in Zoo Finance

CertiK Ventures is proud to announce our investment in Zoo Finance – a DeFi protocol pioneering the next evolution of blockchain fundraising via its Liquid Node Token (LNT) architecture.

2025年2月11日

报告 ·事件分析

Polter Finance Incident Analysis

On 16 November 2024, Polter Finance was exploited for ~$8.7 million, due to a price manipulation exploit. Polter Finance paused their platform shortly after to investigate.

2024年11月18日

报告 ·事件分析

Dough Finance Incident Analysis

On 12 July 2024, Dough Finance was exploited for ~$2.1m via multiple flash loan transactions. The attacker exploited arbitrary call vulnerabilities in the Dough ConnectorDeleverageParaswap contracts which allowed them to transfer WETH directly from these vulnerable contracts.

2024年7月16日