TechFlow reported, according to BlockSec, the Agave contract on xDai Chain was attacked due to an untrusted external call. The attacker called the `liquidateCall` function to liquidate themselves despite having no debt. During the liquidation process, the liquidator contract called the attacker's contract, which then deposited 2,728 WETH obtained via flash loans and minted 2,728 aWETH. Using this as collateral, the attacker borrowed all available assets from the Agave protocol. After the external call completed, the `liquidateCall` function directly liquidated the previously deposited 2,728 aWETH and transferred it to the liquidator.
Navigating Web3 tides with focused insights
Contribute An Article
Media Requests
Risk Disclosure: This website's content is not investment advice and offers no trading guidance or related services. Per regulations from the PBOC and other authorities, users must be aware of virtual currency risks. Contact us / [email protected] ICP License: 琼ICP备2022009338号




