Chibi Finance $1 million alleged rug pull: How it happened

Here is a description of how it works, using StrategySushiSwap.sol as an example: Lines 340–343 of StrategySushiSwap.sol state that if the panic() function is called, it will call a second function named "emergencyWithdraw" on the ISushiStake contract.

[Image: The panic() function in the StrategySushiSwap.sol contract.]

A user may want to call this function if a bug in the reward contract prevents them from receiving rewards.

The emergencyWithdraw function has a failsafe to prevent use by unauthorized individuals. An issue can arise if the user does not call this function directly from their own wallet.

For example, when a user transferred funds using Chibi Finance, their crypto was sent to SushiSwap by the StrategySushiSwap contract, not by the end user directly.

CertiK hypothesized that each of these transactions may have added a Chibi Finance contract to a list within the malicious contract's data, for a total of eight contracts in the list.

On June 27, the deployer account for Chibi Finance transferred admin rights for the eight Chibi Finance contracts to the malicious contract. It did this through eight separate transactions, each one calling the "setGov" function on a particular contract.

[Image: Admin rights for one of the Chibi Finance contracts being altered.]
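The burst of "setGov" calls described above is something a monitoring job can flag. The following is an added example, not code from the article, CertiK or Chibi Finance: it takes already-decoded setGov calls and reports any new admin address that gains control of several contracts in a short window. The record layout, thresholds, allowlist parameter and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class GovChange:
    timestamp: int  # block time, unix seconds
    sender: str     # account that sent the transaction
    contract: str   # contract on which setGov was called
    new_gov: str    # address given admin rights

def bulk_handovers(events, known_gov=frozenset(), min_contracts=3, window=3600):
    """Return (new_gov, contracts) for each address outside known_gov that gains
    admin over >= min_contracts distinct contracts within window seconds."""
    by_gov = defaultdict(list)
    for ev in events:
        if ev.new_gov not in known_gov:  # planned moves to a known timelock are skipped
            by_gov[ev.new_gov].append(ev)
    alerts = []
    for gov, evs in sorted(by_gov.items()):
        evs.sort(key=lambda ev: ev.timestamp)
        best, start = set(), 0
        for end, ev in enumerate(evs):
            # Slide the window start forward until it spans <= window seconds.
            while ev.timestamp - evs[start].timestamp > window:
                start += 1
            seen = {e.contract for e in evs[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_contracts:
            alerts.append((gov, sorted(best)))
    return alerts

# Constructed sample data: placeholder labels, not real addresses.
DEPLOYER, NEW_ADMIN, TIMELOCK = "deployer", "new-admin-contract", "timelock"
SAMPLE = [GovChange(1000 + 60 * i, DEPLOYER, f"strategy-{i}", NEW_ADMIN) for i in range(8)]
SAMPLE.append(GovChange(900, DEPLOYER, "other-vault", TIMELOCK))

if __name__ == "__main__":
    for gov, contracts in bulk_handovers(SAMPLE, known_gov={TIMELOCK}):
        print(f"ALERT: {gov} now administers {len(contracts)} contracts: {contracts}")
```
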
